Vigil@nce - Joomla: Cross Site Scripting
October 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use HTML entities in order to generate a Cross
Site Scripting in Joomla.
Severity: 2/4
Creation date: 11/10/2010
DESCRIPTION OF THE VULNERABILITY
An HTML page can contain characters encoded as entities. For
example, "&quot;" is the quote character.
However, Joomla does not filter characters that are encoded several
times when they are given as URL parameters.
An attacker can therefore use HTML entities in order to generate
a Cross Site Scripting in Joomla.
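The Python sketch below is an added example, not part of the Vigil@nce bulletin and not Joomla code. It models why a filter that decodes a URL parameter only once misses a character encoded several times, and how decoding to a fixed point before filtering closes that gap. The function names, the forbidden-character set and the round limit are assumptions made for the illustration.

```python
import html

# Assumption: characters a hypothetical input filter must not let through.
FORBIDDEN = set("<>\"'")
# Assumption: maximum number of decode passes accepted for one parameter.
MAX_ROUNDS = 5


def naive_filter_ok(value: str) -> bool:
    """Weak model: decode entities once, then look for forbidden characters."""
    return not (FORBIDDEN & set(html.unescape(value)))


def fully_decode(value: str, max_rounds: int = MAX_ROUNDS) -> str:
    """Decode entities repeatedly until the string stops changing.

    The last pass only confirms that nothing changed, so max_rounds passes
    accept at most max_rounds - 1 nested encoding layers.
    """
    for _ in range(max_rounds):
        decoded = html.unescape(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many nested entity encodings")


def strict_filter_ok(value: str) -> bool:
    """Hardened model: filter the fully decoded value, reject deep nesting."""
    try:
        return not (FORBIDDEN & set(fully_decode(value)))
    except ValueError:
        return False


def render(value: str) -> str:
    """Encode exactly once at the point where the value enters the HTML page."""
    return html.escape(fully_decode(value), quote=True)


if __name__ == "__main__":
    # Constructed sample: the quote character encoded twice.
    sample = "&amp;quot;"
    print("naive filter accepts :", naive_filter_ok(sample))
    print("strict filter accepts:", strict_filter_ok(sample))
    print("rendered safely as   :", render(sample))
```

The output encoding in render() is the control that matters most: even a value that slipped past an input filter is emitted as inert text when it is encoded once at insertion time.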
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Joomla-Cross-Site-Scripting-10014