Joomla! CiviCRM Component Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA43228

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43228/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43228

RELEASE DATE:
2011-02-10

DESCRIPTION:
Multiple vulnerabilities have been discovered in the CiviCRM
component for Joomla!, which can be exploited by malicious people to
conduct cross-site scripting attacks and compromise a vulnerable
system.

1) The application bundles a vulnerable version of Open Flash Chart.

For more information:
SA37903

2) Input passed via the "defaultPath" parameter to
administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php,
via the "lang" parameter to
administrator/components/com_civicrm/civicrm/packages/PHPgettext/examples/pigs_dropin.php
and
administrator/components/com_civicrm/civicrm/packages/PHPgettext/examples/pigs_fallback.php
and via the "class" parameter to
administrator/components/com_civicrm/civicrm/packages/amfphp/browser/details.php
is not properly sanitised before being returned to the user. This can
be exploited to execute arbitrary HTML and script code in a user's
browser session in the context of an affected site.

The vulnerabilities are confirmed in version 3.3.3. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
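As an added illustration (not CiviCRM's, Joomla!'s or Open Flash Chart's own code), the following reduced PHP model shows the reflected pattern the advisory describes for item 2 and what the suggested source edit amounts to: the request value is placed into the page untouched in the first function and HTML-encoded for the context in which it is emitted in the second. The function names and the constructed "defaultPath" value are assumptions for the example.

```php
<?php
// Added example, not code from the CiviCRM component. It models a parameter
// being echoed back in the response body, as described in item 2 of the
// advisory, and the output encoding that closes the issue.

declare(strict_types=1);

// Vulnerable pattern: the request value is concatenated straight into HTML,
// so any markup it contains is interpreted by the browser.
function render_unsafe(string $defaultPath): string
{
    return '<p>Upload path: ' . $defaultPath . '</p>';
}

// Hardened pattern: encode the value for the HTML text context it lands in.
// ENT_QUOTES covers both quote characters, and naming the charset explicitly
// avoids depending on the default_charset setting of the host.
function render_safe(string $defaultPath): string
{
    $encoded = htmlspecialchars($defaultPath, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>Upload path: ' . $encoded . '</p>';
}

// Constructed stand-in for $_GET['defaultPath'] containing markup characters.
$value = '"><b>tmp</b>';

// Declare the charset in the response so the browser and the encoder agree.
header('Content-Type: text/html; charset=UTF-8');

// The unsafe version returns the markup characters unchanged.
echo render_unsafe($value), PHP_EOL;

// The safe version returns them as entities, so they render as text only.
echo render_safe($value), PHP_EOL;
```

The same encoding step applies to the "lang" and "class" parameters named in the advisory; a value emitted inside a JavaScript block or an attribute needs the encoder for that context rather than the HTML-body one shown here.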

PROVIDED AND/OR DISCOVERED BY:
AutoSec Tools
