Joomla! JX Finder Extension Multiple Cross Site Scripting Vulnerabilities

Bugtraq ID:	50887
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 01 2011 12:00AM
Updated:	Dec 01 2011 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Joomla JX Finder 2.0.1
Not Vulnerable:

Joomla! JX Finder Extension Multiple Cross Site Scripting Vulnerabilities

Joomla! JX Finder extension is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker could leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Joomla! JX Finder extension 2.0.1 is vulnerable; prior versions may also be affected.

Joomla! JX Finder Extension Multiple Cross Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.

Joomla! JX Finder Extension Multiple Cross Site Scripting Vulnerabilities

Solution:
The vendor has released an update. Please see the references for details.

Joomla! JX Finder Extension Multiple Cross Site Scripting Vulnerabilities

References:

• JX Finder 2.0.1 XSS Vulnerabilities (Joomla)
  
• JVNDB-2015-006463: Directory traversal vulnerability in bitrix.mpbuilder module (Bitrix)