CVE-2017-7985, CVE-2017-7986: Joomla cross-site scripting vulnerabilities

Joomla is a free and open-source content management system (CMS) for publishing web content. It is built on a model–view–controller web application framework that can be used independently of the CMS.

Joomla is written in PHP, uses object-oriented programming (OOP) techniques (since version 1.5) and software design patterns, stores data in a MySQL, MS SQL (since version 2.5), or PostgreSQL (since version 3.0) database, and includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, search, and support for language internationalization.

As of November 2016, Joomla! has been downloaded over 78 million times. Over 7,800 free and commercial extensions are available from the official Joomla! Extension Directory, and more are available from other sources. It is estimated to be the second most used content management system on the Internet, after WordPress.

Recently, a security researcher discovered multiple XSS vulnerabilities in Joomla Core (CVE-2017-7985 and CVE-2017-7986).

A brief description of the vulnerabilities

CVE-2017-7985

Joomla! is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

CVE-2017-7986

Joomla! is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Affected version

Joomla 1.5.0 through 3.6.5

Unaffected version

Joomla 3.7.0

How to fix

Update to Joomla 3.7.0

Exploit code

http://ift.tt/2qKf3j0

The post Multiple XSS Vulnerabilities on Joomla Core appeared first on Penetration Testing in Linux.
