Vigil@nce - Joomla: Cross Site Scripting via search
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the language search component to trigger a
Cross Site Scripting in Joomla, leading to the execution of
JavaScript code in the context of the web site.
Impacted products: Joomla
Severity: 2/4
Creation date: 10/10/2012
DESCRIPTION OF THE VULNERABILITY
The Joomla interface is available in several languages.
However, the language switching component does not correctly
filter its parameters before displaying them.
An attacker can therefore use the language search component to
trigger a Cross Site Scripting in Joomla, leading to the execution
of JavaScript code in the context of the web site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Joomla-Cross-Site-Scripting-via-search-12052