VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities

2006-09-28T00:00:00
ID SECURITYVULNS:DOC:14468
Type securityvulns
Reporter Securityvulns
Modified 2006-09-28T00:00:00

Description

Status: Reported to the Vendor [09/26/2006]
Class: Input Validation Error
Severity: Low

Software Description:


VirtueMart (formerly known as mambo-phpShop) is an Open Source E-Commerce solution to be used together with a Content Management System (CMS) called Joomla!

Vulnerability Description:


Multiple cross-site scripting vulnerabilities exist in the Joomla eCommerce edition software provided by VirtueMart.

Vulnerable Software:


Joomla 1.0.11 eCommerce Edition (prior versions may also be vulnerable)

Exploit:


GET: index.php option=com_contact&Itemid="><script>alert('XSS');</script>

POST: index.php subscriber_name=1&email=1&task=subscribe&Itemid="><script>alert('XSS');</script>

Solution:


None at this time.
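
Until a vendor fix exists, the usual mitigation for this class of bug is to validate Itemid as an integer and encode it on output. The following is an added example, not code from the advisory or from VirtueMart/Joomla. It assumes Itemid is a numeric menu id reflected inside a double-quoted HTML attribute; the function names and the hidden-input markup are hypothetical.

```php
<?php
// Added example, not VirtueMart/Joomla code. Assumption: Itemid is a numeric
// menu id that the page reflects inside a double-quoted HTML attribute.

// Accept only a non-negative decimal integer; anything else becomes 0.
function clean_itemid($raw): int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return 0;
    }
    return (int) $raw;
}

// Unsafe pattern (assumed): the raw parameter is concatenated into the attribute.
function render_unsafe(string $itemid): string
{
    return '<input type="hidden" name="Itemid" value="' . $itemid . '">';
}

// Hardened: validate the type first, then encode for the attribute context anyway.
function render_safe($itemid): string
{
    $id = clean_itemid($itemid);
    return '<input type="hidden" name="Itemid" value="'
        . htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8') . '">';
}

// Constructed inputs: a normal id, the advisory's test string, and an array
// value (as sent by Itemid[]=1), which must not reach string handling.
$samples = ['42', "\"><script>alert('XSS');</script>", ['1']];

foreach ($samples as $s) {
    $shown = is_array($s) ? 'array' : $s;
    echo "input:  $shown\n";
    if (is_string($s)) {
        echo "unsafe: " . render_unsafe($s) . "\n";
    }
    echo "safe:   " . render_safe($s) . "\n\n";
}
```

The same validation applies to both the GET and the POST request shown under Exploit, since both carry the string in Itemid.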

Credits:


Discovered by Adrian Castro