Joomla! Table JX Component Two Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA39693

VERIFY ADVISORY:
http://secunia.com/advisories/39693/

DESCRIPTION:
Valentin Hoebel has reported some vulnerabilities in the Table JX
component for Joomla!, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Input passed via the "data_search" and "rpp" parameters to index.php
(when "option" is set to "com_grid" and "gid" is set) is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
the context of an affected site.

The vulnerabilities are reported in version 1.5. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
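
One way to apply this to the two affected parameters, as an added example (not the Table JX component's code and not from the original advisory). The function names are hypothetical, and the meaning of "rpp" as a rows-per-page count and the form fragment are assumptions:

```php
<?php
// Added example: hypothetical handlers, not the Table JX component's own code.

// "rpp" is assumed to be a rows-per-page count, so only a small integer is
// valid: check it against a range and fall back to a default otherwise.
function clean_rpp($raw, $default = 20, $max = 200)
{
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1, 'max_range' => $max)));
    return ($value === false || $value === null) ? $default : $value;
}

// "data_search" is free text and cannot be whitelisted; encode it for the
// HTML context at the point of output (ENT_QUOTES covers both quote styles).
function html_attr($raw)
{
    if (!is_scalar($raw)) {
        return ''; // e.g. data_search[]=... arrives as an array
    }
    return htmlspecialchars((string) $raw, ENT_QUOTES, 'UTF-8');
}

// Render a search form fragment (assumed markup) with both values made safe.
function render_search_form(array $request)
{
    $search = isset($request['data_search']) ? $request['data_search'] : '';
    $rpp    = clean_rpp(isset($request['rpp']) ? $request['rpp'] : null);

    return '<input type="text" name="data_search" value="' . html_attr($search) . '" />'
         . '<input type="hidden" name="rpp" value="' . $rpp . '" />';
}

// Constructed sample request with HTML metacharacters in both parameters.
$sample = array(
    'option'      => 'com_grid',
    'gid'         => '1',
    'data_search' => '"><b>x</b>',
    'rpp'         => '10"><i>',
);

// data_search is emitted entity-encoded; the invalid rpp becomes the default.
echo render_search_form($sample), "\n";
```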

PROVIDED AND/OR DISCOVERED BY:
Valentin Hoebel

ORIGINAL ADVISORY:
http://www.xenuser.org/documents/security/joomla_com_table_jx_xss.txt
