TUCoPS :: Web :: CMS / Portals :: b06-4937.htm

VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities
VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities
VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities


VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities


Status: Reported to the Vendor [09/26/2006]
Class: Input Validation Error
Severity: Low


Software Description:
*****************************************************************************
VirtueMart (formerly known as mambo-phpShop) is an Open Source
E-Commerce solution to be used together with a Content Management
System (CMS) called Joomla!

Vulnerability Description:
*****************************************************************************
Multiple cross-site scripting vulnerabilities exist in the Joomla
eCommerce edition software provided by VirtueMart.

Vulnerable Software:
*****************************************************************************
Joomla 1.0.11 eCommerce Edition (prior versions may also be vulnerable)

Exploit:
*****************************************************************************
GET: index.php
option=com_contact&Itemid=">
POST: index.php
subscriber_name=1&email=1&task=subscribe&Itemid=">

Solution:
*****************************************************************************

None at this time.

Credits:
*****************************************************************************
Discovered by Adrian Castro

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH