Joomla! K2 Component Multiple Script Insertion Vulnerabilities

SECUNIA ADVISORY ID:
SA41554

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41554/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41554

RELEASE DATE:
2010-09-23

DESCRIPTION:
Two vulnerabilities have been reported in the K2 component for
Joomla!, which can be exploited by malicious people to conduct script
insertion attacks.

Input passed via the "Name" and "Website" fields when posting a
comment is not properly sanitised before being stored and displayed.
This can be exploited to insert arbitrary HTML and script code, which
is executed in a user's browser session whenever the stored comment
is viewed (a persistent, i.e. stored, cross-site scripting issue).
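As an added illustration of the defect class described above (example code written for this advisory, not K2's or Joomlaworks' own code), the following PHP shows a comment renderer that interpolates the stored "Name" and "Website" values raw, next to a hardened version that escapes every value on output and only emits a link for http/https URLs. The sample comment record, the function names and the markup are assumptions for the example; only htmlspecialchars() and parse_url() are standard PHP.

```php
<?php
// Added example, not K2 code: rendering a stored comment's "Name" and "Website".
// The vulnerable renderer echoes the raw values; the hardened one escapes them.

// Constructed sample record, as it might come back from the comments table.
// The name carries an HTML/script payload, the website a non-http scheme.
$comment = [
    'name'    => 'Visitor <script>alert(1)</script>',
    'website' => 'javascript:alert(1)',
    'text'    => 'Nice article!',
];

// Vulnerable pattern: raw interpolation of user-supplied fields into HTML.
// Anything stored in "name" or "website" becomes part of the page for every viewer.
function renderCommentVulnerable(array $c): string
{
    return '<div class="comment"><a href="' . $c['website'] . '">'
        . $c['name'] . '</a>: ' . $c['text'] . '</div>';
}

// Only accept absolute http/https URLs for the author link; anything else
// (javascript:, data:, relative paths, garbage) yields null and no link is emitted.
function safeUrl(string $url): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Hardened pattern: HTML-escape every value at the point of output (ENT_QUOTES
// so attribute context is covered too) and validate the URL scheme separately,
// since escaping alone does not stop a javascript: href.
function renderCommentHardened(array $c): string
{
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    $name = $esc($c['name']);
    $url  = safeUrl($c['website']);
    $author = ($url === null)
        ? $name
        : '<a href="' . $esc($url) . '" rel="nofollow">' . $name . '</a>';

    return '<div class="comment">' . $author . ': ' . $esc($c['text']) . '</div>';
}

echo renderCommentVulnerable($comment), PHP_EOL;
// <div class="comment"><a href="javascript:alert(1)">Visitor <script>alert(1)</script></a>: Nice article!</div>
echo renderCommentHardened($comment), PHP_EOL;
// <div class="comment">Visitor &lt;script&gt;alert(1)&lt;/script&gt;: Nice article!</div>
```

Two separate controls are needed here: output escaping neutralises markup in the "Name" field, while the "Website" field additionally needs scheme validation, because an escaped `javascript:` URL is still a live link. Escaping at render time rather than at input time also protects values that entered the database before the fix.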

The vulnerabilities are reported in versions prior to 2.4.

SOLUTION:
Update to version 2.4 or greater.

PROVIDED AND/OR DISCOVERED BY:
Jeff Channel

ORIGINAL ADVISORY:
Joomlaworks:
http://community.getk2.org/profiles/blogs/k2-v24-released
http://code.google.com/p/joomlaworks/source/detail?r=557

Jeff Channel:
http://jeffchannell.com/Joomla/k2-23-persistent-xss-vulnerability.html
