
Joomla! 1.5 & 1.6 - JFilterInput XSS Bypass

01 Jul 2014 00:00:00 | Reported by RootType | Source: seebug (www.seebug.org)

Joomla JFilterInput XSS Bypass in Versions 1.5 and 1.

Code

# Exploit Title: Joomla! JFilterInput XSS Bypass
# Date: 1 February 2011
# Author: Jeff Channell
# Software Link: http://www.joomla.org
# Version: 1.5.22, 1.6.0
# Tested on: PHP5, MySQL5

Joomla! 1.5 and 1.6 rely on the JFilterInput class to sanitize 
user-supplied HTML. This class attempts to parse any given string for 
HTML code, checks the code against a whitelist of elements and 
attributes, and strips out any code that is not allowed. However, 
malformed HTML can be used to bypass the filter and inject XSS code 
into user-supplied input.

The following string bypasses JFilterInput's "safe" attributes in both 
1.5 and 1.6:

<img src="<img src=x"/onerror=alert(1)//">

Users of 1.6 can test this by enabling the "Profile" user plugin and 
injecting this string into the "About Me" textarea. Joomla! 1.5 has no 
known core extensions that allow guests or regular users to post HTML; 
however, any third-party extension that relies on this class to sanitize 
input will be vulnerable.

Timeline

     * Vulnerabilities Discovered: 15 January 2011
     * Vendor Notified: 15 January 2011
     * Vendor Response: 17 January 2011
     * Update Available: ...
     * Disclosure: 1 February 2011

http://jeffchannell.com/Joomla/joomla-jfilterinput-xss-bypass.html
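
A defensive regression check built around the string above, as an added example that is not part of the original advisory and is not Joomla's code: instead of stripping disallowed pieces out of the input string, it tokenises the input with Python's html.parser and rebuilds the output only from allowlisted tags and attributes. The allowlist, the URL prefixes and all names in it are assumptions made for this example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this example (not Joomla's own list).
ALLOWED = {"img": {"src", "alt"}, "a": {"href"}, "b": set(), "i": set(), "p": set()}
VOID = {"img"}                      # elements that never get a closing tag
URL_ATTRS = {"src", "href"}
SAFE_URL_PREFIXES = ("http://", "https://")


class AllowlistRebuilder(HTMLParser):
    """Tokenise the input, then emit fresh markup for allowlisted tokens only."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return                  # tag dropped; its text is still escaped below
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED[tag]:
                continue            # event handlers, style, anything unlisted
            if name in URL_ATTRS and not value.lower().startswith(SAFE_URL_PREFIXES):
                continue            # javascript:, data:, or a junk value
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize(html_in: str) -> str:
    parser = AllowlistRebuilder()
    parser.feed(html_in)
    parser.close()
    return "".join(parser.out)


# The string from the advisory, kept as a regression input.
ADVISORY_INPUT = '<img src="<img src=x"/onerror=alert(1)//">'

if __name__ == "__main__":
    print(sanitize(ADVISORY_INPUT))
```

Because nothing from the raw input is copied through, a tokeniser disagreement can only lose markup, not let an unlisted attribute survive. html.parser is not a full HTML5 tokeniser, so production code should use a maintained sanitizer with a spec-compliant parser and keep the advisory's string in its test suite.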
