Joomla Youtube Gallery 3.4.0 Cross Site Scripting

2014-03-15T00:00:00
ID PACKETSTORM:125732
Type packetstorm
Reporter Mahmoud Ghorbanzadeh
Modified 2014-03-15T00:00:00

Description

                                        
                                            `Hello,  
  
Cross-site  
scripting (XSS) vulnerability in the Youtube Gallery 3.4.0 component for Joomla! allows remote attackers to inject arbitrary web  
script or HTML via the videofile parameter to /includes/flvthumbnail.php.  
  
POC:  
http://SiteAddress/joomla/components/com_youtubegallery/includes/flvthumbnail.php?videofile=<script>alert('XSS')</script>  
`