Vigil@nce - Joomla Extensions: multiple vulnerabilities of Google Maps
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Google Maps of
Joomla JoomLeague, Joomla-Base and other modules using Google Maps.
Impacted products: Joomla Extensions
Severity: 2/4
Creation date: 24/02/2014
Revision date: 26/02/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Joomla JoomLeague,
Joomla-Base and other modules using Google Maps.
An attacker can use plugin_googlemapX_proxy.php, in order to
trigger a denial of service. [severity:2/4]
An attacker can transmit malicious XML data dans
plugin_googlemapX_proxy.php, in order to read a file, scan sites,
or trigger a denial of service. [severity:2/4]
An attacker can trigger a Cross Site Scripting in
plugin_googlemapX_proxy.php, in order to execute JavaScript code
in the context of the web site. [severity:2/4]
An attacker can use plugin_googlemapX_proxy.php, in order to
obtain the installation path. [severity:1/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Joomla-Extensions-multiple-vulnerabilities-of-Google-Maps-14299