Joomla! XCloner Component "mosmsg" and "option" Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA43511

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43511/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43511

RELEASE DATE:
2011-03-20

DESCRIPTION:
Two vulnerabilities have been reported in the XCloner component for
Joomla!, which can be exploited by malicious people to conduct
cross-site scripting attacks.

1) Input passed via the "mosmsg" parameter to
administrator/components/com_xcloner-backupandrestore/admin.cloner.php
is not properly sanitised in
administrator/components/com_xcloner-backupandrestore/admin.cloner.html.php
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

2) Input passed via the "option" parameter to
administrator/components/com_xcloner-backupandrestore/admin.cloner.php
(when "task" is set to "dologin") is not properly sanitised in
administrator/components/com_xcloner-backupandrestore/cloner.functions.php
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

Successful exploitation of this vulnerability requires that
"register_globals" is enabled.

The vulnerabilities are reported in version 2.1. Other versions may
also be affected.

SOLUTION:
Update to version 2.2.

PROVIDED AND/OR DISCOVERED BY:
mr_me