Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability

============================================================
FOREGROUND SECURITY, SECURITY ADVISORY 2013-001
- Original release date: July 10, 2013
- Discovered by: Adam Willard (Software Security Analyst at Foreground Security)
- Verified by: Jose Carlos de Arriba (Pentest Team Manager at Foreground Security)
- Contact: (awillard (at) foregroundsecurity (dot) com)
- Severity: 4.3/10 (Base CVSS Score)
============================================================

I. VULNERABILITY
-------------------------
Algis Info aiContactSafe Extension 2.0.19 (latest) Cross-Site Scripting (XSS) vulnerability - (prior versions have not been checked but could be vulnerable too).

II. BACKGROUND
-------------------------
Algis Info aiContactSafe is a native Joomla component developed by Algis Info. You can use it to place a complex contact form on your web page. Here are some of the facilities that it can offer:
- custom fields
- captcha
- custom text related to the contact information
- multilingual support (through Joomfish)
- SEF through Artio JoomSEF or sh404SEF

III. DESCRIPTION
-------------------------
Algis Info aicontactsafe 2.0.19 (latest) Extension presents a Cross-Site Scripting (XSS) vulnerability in the "url" due to insufficient input/output sanitization. A malicious user could perform session hijacking or phishing attacks.

IV. PROOF OF CONCEPT
-------------------------
(This section has been removed per vendor request).

V. BUSINESS IMPACT
-------------------------
An attacker could perform session hijacking or phishing attacks.

VI. SYSTEMS AFFECTED
-------------------------
Joomla Extension, AlgisInfo com_aicontactsafe_2_0_19_stable Extension (prior versions have not been checked but could be vulnerable too).

VII. SOLUTION
-------------------------
Fixed on 2.0.21.stable version release.

VIII. REFERENCES
-------------------------
http://www.algisinfo.com/
http://www.foregroundsecurity.com/

IX. CREDITS
-------------------------
This vulnerability has been discovered by Adam Willard (awillard (at) foregroundsecurity (dot) com), verification and release coordination by Jose Carlos de Arriba (jcarriba (at) foregroundsecurity (dot) com).

X. REVISION HISTORY
-------------------------
- July 10, 2013: Initial release.

XI. DISCLOSURE TIMELINE
-------------------------
April 2, 2013: Vulnerability discovered by Adam Willard.
April 3, 2013: Vulnerability verified by Jose Carlos de Arriba.
April 15: AlgisInfo aiContactSafe Author contacted by email.
April 15: Response from author and security advisory sent to him.
April 16: Vulnerability fixed on 2.0.21.stable version release
July 10: Security advisory released

XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.

Jose Carlos de Arriba, CISSP
Pentest Team Manager
Foreground Security
305-340-9964
jcarriba (at) foregroundsecurity . com
www.foregroundsecurity.com