Joomla! Poll System mosmsg Variable Malformed HTML Tag DoS

2006-02-26T09:47:34
ID OSVDB:23816
Type osvdb
Reporter Foster(ghc@ghc.ru)
Modified 2006-02-26T09:47:34

Description

Vulnerability Description

Joomla! contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker provides malformed HTML tags to the 'mosmsg' variable in the poll system. Due to an error in the anti cross site scripting (XSS) code in includes/phpInputFilter/class.inputfilter.php, such a request will cause a denial of service and may result in loss of availability for the system.

Solution Description

Upgrade to version 1.0.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Joomla! contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker provides malformed HTML tags to the 'mosmsg' variable in the poll system. Due to an error in the anti cross site scripting (XSS) code in includes/phpInputFilter/class.inputfilter.php, such a request will cause a denial of service and may result in loss of availability for the system.

Manual Testing Notes

/index.php?option=com_poll&task=results&id=14&mosmsg=DOS@HERE<<>AAA<><>

References:

Vendor URL: http://www.joomla.org/ Vendor Specific News/Changelog Entry: http://www.joomla.org/content/view/938/78/ Secunia Advisory ID:19105 Related OSVDB ID: 23815 Related OSVDB ID: 23817 Related OSVDB ID: 23821 Related OSVDB ID: 23818 Related OSVDB ID: 23819 Related OSVDB ID: 23820 Related OSVDB ID: 23822 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0601.html FrSIRT Advisory: ADV-2006-0818 CVE-2006-1029