| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 07 Jul 2014 11:25:41 +0300 From: Teodor Lupan <teodor.lupan@...etech.ro> To: bugtraq@...urityfocus.com Subject: CVE-2014-3863 - Stored XSS in JChatSocial CVE-2014-3863 =================== "Stored Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "JChatSocial" Joomla extension. Vendor =================== Joomla! Extensions Store Product =================== JChatSocial: the Joomla live chat "JChatSocial is a powerful chat system for Joomla with a look so similar to Facebook chat and it's easy to install and configure. Users can choose to start a private chat or join a group conversation, all completely free of charge because data stream is processed on your server. In addition JChatSocial integrates with Skype software to start video calls directly within your Joomla! site, and has many advanced feature such as attachments exchange, avatars and more. " - source: http://storejoomla.org/extensions/jchatsocial.html Affected versions =================== This vulnerability affects versions of JChatSocial version 2.2 and probably lower Solution =================== The vendor has fixed the issue within few ours after receiving the vulnerability details, on 29.05.2014 Reported by =================== This issue was reported to the vendor by Teodor Lupan following a responsible disclosure process. Severity =================== High Exploitability =================== Easy: no user interaction required Description =================== The discovered Stored Cross Site Scripting can be used by anonymous users (unregistered) or on some setups - registered users - to target any other user types, including (Joomla) administrators, and execute any XSS attack type - like steal their session ID. Vulnerability details: In an active JChat window, it is possible to upload a file and send it to any other connected user. An attacker could insert malicious JavaScript code into the 'filename' input parameter which will be included into the active chat window and executed by the browser of the target without user interaction. -- Teodor Lupan - LPT, CEH, OSCP Technical Director Strada Doamna Cheajna nr. 1-3, etaj 4, Birou 7, Sector 3, cod 31233, Bucureşti, România Tel/Fax: +4 021 316 05 65 Mobil: +4 0723 010 220 e-mail: teodor.lupan@...etech.ro Web: www.safetech.ro
Powered by blists - more mailing lists