Vigil@nce: Joomla, Cross Site Scripting of RSMonials
April 2009 by Vigil@nce
An attacker can trigger a Cross Site Scripting attack in the RSMonials
component of Joomla.
– Severity: 2/4
– Consequences: client access/rights
– Provenance: document
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: unique source (2/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 23/04/2009
IMPACTED PRODUCTS
– Joomla!
DESCRIPTION OF THE VULNERABILITY
The RSMonials component of Joomla can be used to add testimonials
to a site.
Visitors enter their testimonials in a form, and then the
administrator can read them. However, when the administrator reads
the testimonial, the HTML code entered by the user is directly
inserted in the page.
An attacker can therefore trigger a Cross Site Scripting attack in the
RSMonials component of Joomla.
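The pattern described above, next to its corrected form, as an added example (this is not RSMonials source code, and the function names and the sample testimonial are hypothetical and constructed for illustration). It also shows a simple check an administrator could run over testimonials already stored, to find entries that contain markup.

```php
<?php
// Added illustration; not RSMonials code. All names are hypothetical.

// Constructed sample: a testimonial as submitted through the visitor form.
$testimonial = [
    'name'    => 'Visitor <b>One</b>',
    'comment' => 'Great site!<script>alert(1)</script>',
];

// Pattern from the advisory: the submitted HTML is inserted as-is into the
// page the administrator reads, so the browser parses it as markup.
function render_row_unescaped(array $t): string
{
    return '<tr><td>' . $t['name'] . '</td><td>' . $t['comment'] . "</td></tr>\n";
}

// Corrected form: encode every user-supplied field for the HTML context
// at the moment it is written into the page.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_escaped(array $t): string
{
    return '<tr><td>' . esc($t['name']) . '</td><td>' . esc($t['comment']) . "</td></tr>\n";
}

// Audit helper for rows already in the database: true when a field
// contains anything that strip_tags() would treat as a tag.
function contains_markup(string $value): bool
{
    return $value !== strip_tags($value);
}

echo "Unescaped (vulnerable) output:\n" . render_row_unescaped($testimonial);
echo "Escaped output:\n" . render_row_escaped($testimonial);

foreach ($testimonial as $field => $value) {
    if (contains_markup($value)) {
        echo "Review before display: field '$field' contains markup\n";
    }
}
```

Encoding at output time protects the administrator view even for testimonials that were stored before any input filtering was put in place.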
CHARACTERISTICS
– Identifiers: BID-34684, VIGILANCE-VUL-8667
– URL: http://vigilance.fr/vulnerability/Joomla-Cross-Site-Scripting-of-RSMonials-8667