Security Advisory SA53428 – Joomla! jNews Component "get-data" Cross-Site Scripting Vulnerability – Secunia

Category: Joomla

Description

A vulnerability has been discovered in the jNews component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "get-data" parameter to /components/com_jnews/includes/openflashchart/open-flash-chart.swf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 8.0.1. Other versions may also be affected.

Solution No official solution is currently available.

Provided and/or discovered by Deepankar Arora and Rafay Baloch.

Original Advisory http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html

Deep Links Links available to Secunia VIM customers

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

The rest is here:
Security Advisory SA53428 - Joomla! jNews Component "get-data" Cross-Site Scripting Vulnerability - Secunia

Joomla 1.5 - Upload An Image To Media Manager - Video - March 11th, 2014 [March 11th, 2014]
Curso Joomla! 3.2 Bootstrap and Blank Template (parte 4) - Video - March 11th, 2014 [March 11th, 2014]
How to Install Joomla 2.5 Manually or Browser Installation - Video - March 11th, 2014 [March 11th, 2014]
Joomla Tutorial: 012 Create Survey's and Polls - Video - March 11th, 2014 [March 11th, 2014]
Joomla Tutrial: 008 Make Web Pages Show up in Joomla - Video - March 11th, 2014 [March 11th, 2014]
Joomla receives patches for zero-day SQL injection vulnerability, other flaws - March 11th, 2014 [March 11th, 2014]
Joomla receives patches for zero-day SQL injection vulnerability - March 11th, 2014 [March 11th, 2014]
9.- Webmastertool y extensiones joomla - Video - March 10th, 2014 [March 10th, 2014]
Responsive Music Player With Playlist Joomla Module - Video - March 10th, 2014 [March 10th, 2014]
js jobs joomla 3.0 - Video - March 10th, 2014 [March 10th, 2014]
Joomla Virtuemart new 2 version Stock Products category Placing How To place products Virtuemart - Video - March 10th, 2014 [March 10th, 2014]
How To Upload Shell in Joomla! Site - Video - March 10th, 2014 [March 10th, 2014]
Best Parallax Joomla Template 2014 - Video - March 10th, 2014 [March 10th, 2014]
Video tutorial how to increase search charaters in joomla 2 5 - Video - March 10th, 2014 [March 10th, 2014]
T-Download Store Overview - Video - March 10th, 2014 [March 10th, 2014]
Demo of Joomla Platform mobilefriendly app 405 - Video - March 9th, 2014 [March 9th, 2014]
Pastor 2 - Video - March 9th, 2014 [March 9th, 2014]
Joomla Marketing - Video - March 9th, 2014 [March 9th, 2014]
Joomla 3.x. How to manage Komento component integrations - Video - March 8th, 2014 [March 8th, 2014]
1.- Introduccin curso joomla 3x - Video - March 8th, 2014 [March 8th, 2014]
Curso de Joomla! 3.2 - Template Blank e Bootstrap (parte 1) - Video - March 8th, 2014 [March 8th, 2014]
T3 Framework - Admin area overview - General settings - Video - March 8th, 2014 [March 8th, 2014]
Curso de Joomla! 3.2 - Bootstrap e Blank Template (parte 3) - Video - March 8th, 2014 [March 8th, 2014]
Joomla! Resource Directory Unveiled at JoomlaDay Boston 2014 - March 8th, 2014 [March 8th, 2014]
Stock Photo OG-RAC-2012: Joomla - Video - March 6th, 2014 [March 6th, 2014]
Template Joomla! - Vida Yootheme Slideshow, Menu e Sidebar - Video - March 6th, 2014 [March 6th, 2014]
Curso de Joomla! 3.2 - vdeo-tutorial Blank Template (parte3) - Video - March 6th, 2014 [March 6th, 2014]
Curso de Joomla! 3.2 - vdeo-tutorial Blank Template (parte 5) - Video - March 6th, 2014 [March 6th, 2014]
Curso de Joomla! 3.2 - vdeo-tutorial Blank Template (parte 6) - Video - March 6th, 2014 [March 6th, 2014]
Curso de Joomla! 3.2 - Vdeo-tutorial Template Blank (parte 7) - Video - March 6th, 2014 [March 6th, 2014]
Sql Joomla By Root Devil - Video - March 6th, 2014 [March 6th, 2014]
How to Recover your Username and Password in Joomla 3 - Video - March 6th, 2014 [March 6th, 2014]
Preview Fashion Design School Joomla Template TMT - Video - March 6th, 2014 [March 6th, 2014]
How To Blog With Joomla - March 5 Joomla Detroit Meetup - Video - March 6th, 2014 [March 6th, 2014]
Joomla extension tutorial - JA Extension Manager Component - Video - March 5th, 2014 [March 5th, 2014]
The Best Free Responsive Joomla template ever - Purity III - Video - March 5th, 2014 [March 5th, 2014]
Not a drop in the bucket: More than 1 million websites now use Drupal - March 5th, 2014 [March 5th, 2014]
Joomla 2.5 - Configuracin global - Video - March 4th, 2014 [March 4th, 2014]
Setting External Links in Joomla 3 using JCE - Video - March 4th, 2014 [March 4th, 2014]
joomla 3.2 video tutorials for beginners, joomla 3.2 video tutorials step by step, - Video - March 4th, 2014 [March 4th, 2014]
The New CMS - March 4th, 2014 [March 4th, 2014]
Joomla! 3.2 - Publicando site no servidor com Akeeba Backup - Video - March 3rd, 2014 [March 3rd, 2014]
Best Hosting Video | How to add RSS Newsfeeds in Joomla 2.5 - Video - March 3rd, 2014 [March 3rd, 2014]
Joomla! 3.2 publicao do site com akeeba (parte 3) - Video - March 3rd, 2014 [March 3rd, 2014]
Joomla! 3.2 publicando site com akeeba (parte2) - Video - March 3rd, 2014 [March 3rd, 2014]
[SEMINARIO] Come creare un sito Joomla! in pochi passi - Video - March 3rd, 2014 [March 3rd, 2014]
Joomla extension tutorials - JA Multilingual Component - Video - March 3rd, 2014 [March 3rd, 2014]
Exploit Joomla site by JCE Editor using PHP Script and google dork - Video - March 3rd, 2014 [March 3rd, 2014]
Joomla! 3.2 vde-tutorial Blank Template (parte2) - Video - March 3rd, 2014 [March 3rd, 2014]
Preview Magnificent Beer Pub Joomla Template TMT - Video - March 2nd, 2014 [March 2nd, 2014]
Best Hosting Video | How to create a database backup of Joomla 2.5 using phpMyAdmin - Video - March 2nd, 2014 [March 2nd, 2014]
joomla installation step by step - Video - March 2nd, 2014 [March 2nd, 2014]
Preview University Responsive Joomla Template TMT - Video - March 2nd, 2014 [March 2nd, 2014]
how to install joomla 3-2-2 on localhost windows 7 easy 8 min - Video - February 28th, 2014 [February 28th, 2014]
Joomla! User Group Toronto Steering Committee Meeting 2014/02/26 - Video - February 28th, 2014 [February 28th, 2014]
Security Patch Joomla 1.5 - Video - February 28th, 2014 [February 28th, 2014]
NetHosting Adds Unprecedented Web Maintenance Service to Product Lineup - February 28th, 2014 [February 28th, 2014]
63 Agency - A Pro Joomla 2.5 / 3.0 Responsive Template - Video - February 27th, 2014 [February 27th, 2014]
joomla tutorial, joomla tutorials video, Joomla 3.2 Video Tutorials - Video - February 27th, 2014 [February 27th, 2014]
Joomla Destination Container - Video - February 27th, 2014 [February 27th, 2014]
Joomla! Framework Licensing Debate & Explaination - Video - February 27th, 2014 [February 27th, 2014]
Preview White Apparel Joomla Template by Jade TMT - Video - February 27th, 2014 [February 27th, 2014]
Best Hosting Video | How to create Featured (Front page) Articles in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
Best Hosting Video | How to block or delete a Super Administrator in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
Best Hosting Video | How to use Private Messaging in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
Best Hosting Video | How to manage Weblinks in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
Best Hosting Video | How to manage Languages in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
Best Hosting Video | How to create a Login module in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
ACL no Joomla! 3.2 - Video - February 25th, 2014 [February 25th, 2014]
Joomla! 3.2 Autenticao com TwoFactor - Video - February 25th, 2014 [February 25th, 2014]
JOOMLA 2.5 TUTORIAL LESSON 1 - Video - February 25th, 2014 [February 25th, 2014]
Buzzflash.com Launches a New Joomla Portal for Truthout News Organization - February 25th, 2014 [February 25th, 2014]
How to set user permissions in J!Extranet 5.0 and Joomla 2.5 - Video - February 25th, 2014 [February 25th, 2014]
View different folder permissions in J!Extranet 5.0 and Joomla 2.5 - Video - February 25th, 2014 [February 25th, 2014]
View user logs in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
How to upload files, delete files, create folders in J!Extranet 5.0 Extended version and Joomla 2.5 - Video - February 25th, 2014 [February 25th, 2014]
How to use My Vault in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
How to remove front-end menu items in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
How to set user permissions in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
How to move folders in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]

May 16th, 2013

No comments yet

Comments are closed.

Mediaboss Marketing

Security Advisory SA53428 – Joomla! jNews Component "get-data" Cross-Site Scripting Vulnerability – Secunia

About

Pages

Categories

Media Sites

Recommended Sites

Archives