Hi Bugtraq,
This is regarding multiple XSS vulnerabilities in multiple core
components of the administrative section of Joomla!
Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.
The vulnerability arises due to the administrator core components
failing to properly sanitize user-supplied input in the "search"
variable. Successful exploitation of this vulnerability could result
in, but not limited to, compromise of the application, theft of
cookie-based authentication credentials, arbitrary url redirection,
disclosure or modification of sensitive data and phishing attacks.
An attacker can send a link with the exploit to an administrator whose
access could compromise the application. The following PoC is
available:
http://joomlasite/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E
http://joomlasite/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:window.location.assign%28%27http://www.google.com%27%29%22%3E
Regards,
Riyaz Ahemed Walikar