TUCoPS :: Web :: CMS / Portals :: b06-2651.htm

Joomla/Mambo CMS Component SimpleBoard 1.1 XSS-Vulnerabilities
Joomla/Mambo CMS Component SimpleBoard 1.1 XSS-Vulnerabilities
Joomla/Mambo CMS Component SimpleBoard 1.1 XSS-Vulnerabilities


Joomla/Mambo CMS Component SimpleBoard 1.1.0 Stable XSS-Vulnerabilities
======================================================================
Release Date
------------
June 01, 2006

Vendor
-------
Two Shoes Mambo Factory
http://www.tsmf.net/ 

Version
-------
SimpleBoard 1.1.0 Stable (com_simpleboard) under Joomla CMS 1.0.8

Details
-------
Frontend (Public):
 /  / "post ne topic" / Name -> [XSS]

If the module "mod_simpleboard5" wich shows the latest posts (also  
Username) is installed and aktivated for the frontpage (home), make  
 and no one can join the page again!

Backend (Admin Panel):
Components /Simpleboard Forum / Simpleboard Configuration / Basics ->  
Title [XSS] (Community-Title)

Components /Simpleboard Forum / Simpleboard Administration / New ->  
Name [XSS] (Forum-Title)

Components /Simpleboard Forum / Simpleboard Administration / New ->  
Name [XSS] (Category-Title <- Choose "Top Level Category")

XSS example: 

Discovered by:
Yannick von Arx
yannick[dot]vonarx[at]yanux[dot]ch

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH