Joomla JChatSocial 2.2 Cross Site Scripting

2014.07.08
Credit: Teodor Lupan
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

CVE-2014-3863 =================== "Stored Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "JChatSocial" Joomla extension. Vendor =================== Joomla! Extensions Store Product =================== JChatSocial: the Joomla live chat "JChatSocial is a powerful chat system for Joomla with a look so similar to Facebook chat and it's easy to install and configure. Users can choose to start a private chat or join a group conversation, all completely free of charge because data stream is processed on your server. In addition JChatSocial integrates with Skype software to start video calls directly within your Joomla! site, and has many advanced feature such as attachments exchange, avatars and more. " - source: http://storejoomla.org/extensions/jchatsocial.html Affected versions =================== This vulnerability affects versions of JChatSocial version 2.2 and probably lower Solution =================== The vendor has fixed the issue within few ours after receiving the vulnerability details, on 29.05.2014 Reported by =================== This issue was reported to the vendor by Teodor Lupan following a responsible disclosure process. Severity =================== High Exploitability =================== Easy: no user interaction required Description =================== The discovered Stored Cross Site Scripting can be used by anonymous users (unregistered) or on some setups - registered users - to target any other user types, including (Joomla) administrators, and execute any XSS attack type - like steal their session ID. Vulnerability details: In an active JChat window, it is possible to upload a file and send it to any other connected user. An attacker could insert malicious JavaScript code into the 'filename' input parameter which will be included into the active chat window and executed by the browser of the target without user interaction. -- Teodor Lupan - LPT, CEH, OSCP Technical Director Strada Doamna Cheajna nr. 1-3, etaj 4, Birou 7, Sector 3, cod 31233, BucureÅti, România Tel/Fax: +4 021 316 05 65 Mobil: +4 0723 010 220 e-mail: teodor.lupan@safetech.ro Web: www.safetech.ro


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top