Joomla! "searchword" Cross-Site Scripting

SECUNIA ADVISORY ID:
SA27196

VERIFY ADVISORY:
http://secunia.com/advisories/27196/

CRITICAL:
Not critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
Joomla! 1.x
http://secunia.com/product/5788/

DESCRIPTION:
MustLive has discovered a vulnerability in Joomla!, which can be
exploited by malicious people to conduct cross-site scripting
attacks.

Input passed to the "searchword" parameter in index.php (when
"option" is set to "com_search") is not properly sanitised before
being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

Successful exploitation requires that the victim changes the number
of search results in a drop-down box, after having clicked on the
malicious link.

The vulnerability is confirmed in version 1.0.13. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
MustLive

ORIGINAL ADVISORY:
http://securityvulns.ru/Rdocument919.html