Date: Thu, 1 Jun 2006 21:35:45 +0200
From: Yannick von Arx <yannick.vonarx@...ux.ch>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk, submit@...w0rm.com
Subject: Joomla/Mambo CMS Component SimpleBoard 1.1 XSS-Vulnerabilities

Joomla/Mambo CMS Component SimpleBoard 1.1.0 Stable XSS-Vulnerabilities
=======================================================================

Release Date
------------
June 01, 2006

Vendor
-------
Two Shoes Mambo Factory
http://www.tsmf.net/

Version
-------
SimpleBoard 1.1.0 Stable (com_simpleboard) under Joomla CMS 1.0.8

Details
-------
Frontend (Public):
<forum_link> / <forum_title> / "post ne topic" / Name -> [XSS]

If the module "mod_simpleboard5", which shows the latest posts (also Username), is installed and activated for the frontpage (home), make <script>history.back();</script> and no one can join the page again!

Backend (Admin Panel):
Components /Simpleboard Forum / Simpleboard Configuration / Basics -> Title [XSS] (Community-Title)
Components /Simpleboard Forum / Simpleboard Administration / New -> Name [XSS] (Forum-Title)
Components /Simpleboard Forum / Simpleboard Administration / New -> Name [XSS] (Category-Title <- Choose "Top Level Category")

XSS example:
<script>alert("XSS");</script>

Discovered by:
Yannick von Arx
yannick[dot]vonarx[at]yanux[dot]ch

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
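
Added example, not part of the original advisory and not SimpleBoard's own source: a sketch of the output-encoding fix for the stored Name value that a latest-posts module such as mod_simpleboard5 prints on the frontpage. The function names, the row keys 'name' and 'subject', and the sample rows are hypothetical; the same encoding applies to the Community-Title, Forum-Title and Category-Title values listed for the backend.

```php
<?php
// Hypothetical rendering code written for this example (not from com_simpleboard).

// Encode a stored value for an HTML text or quoted-attribute context.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// byte sequences instead of returning an empty string.
function sb_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the "latest posts" list from stored rows.
// With $encode = false the stored values reach the page as markup, which is
// the behaviour the advisory reports; with $encode = true they are
// displayed as literal text.
function render_latest_posts(array $posts, bool $encode): string
{
    $html = "<ul class=\"latest-posts\">\n";
    foreach ($posts as $post) {
        $name    = $encode ? sb_html($post['name'])    : $post['name'];
        $subject = $encode ? sb_html($post['subject']) : $post['subject'];
        $html   .= "  <li>{$subject} by {$name}</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample rows; the second Name is the string quoted in the advisory.
$posts = [
    ['name' => 'alice', 'subject' => 'Welcome'],
    ['name' => '<script>history.back();</script>', 'subject' => 'Hello'],
];

echo "--- stored values printed as-is ---\n";
echo render_latest_posts($posts, false);

echo "--- stored values encoded on output ---\n";
echo render_latest_posts($posts, true);
```

In the encoded output the Name appears as &lt;script&gt;history.back();&lt;/script&gt;, so the browser shows it as text and the frontpage stays reachable.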