============================================================ - Original release date: August 05, 2013 - Discovered by: Emilio Pinna (Application Security Analyst at Abinsula) - Contact: (emilio (dot) pinn (at) gmail (dot) com) - Severity: 4.3/10 (Base CVSS Score) ============================================================ VULNERABILITY ------------------------- Joomla core package <= 3.1.5 includes a PHP script that suffers from reflected XSS vulnerability that allows to inject HTML and malicious scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. Joomla is one of the most installed CMS with dozens of millions of installations. DESCRIPTION ------------------------- Affected file libraries/idna_convert/example.php has different injection points: - Unsanitized lang parameter in line 24 - Unsanitized file name printing on lines 112 and 119 PROOF OF CONCEPT ------------------------- http://localhost/joomla/libraries/idna_convert/example.php?lang=">