Joomla Joomseller Events Booking Pro 'info' Parameter XSS Vulnerability Network Vulnerability

Summary

This host is running Joomla Joomseller Event Booking Pro plugin and is prone to xss vulnerability.

Impact

Successful exploitation will allow remote attacker to execute arbitrary HTML or script code and or discloses sensitive information resulting in loss of confidentiality.

Solution

Upgrade to JSE Event version 1.0.3, For updates refer to http://joomseller.com/joomla-components/jse-event.html

Insight

Input passed via 'info' parameter to 'mod_eb_v5_mini_calendar/tmpl/tootip.php' is not properly sanitised before being returned to the user.

Affected

Joomla Components com_events_booking_v5 and com_jse_event before 1.0.3

Detection

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

References

http://www.securityfocus.com/archive/1/527775

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tiles Multiple XSS Vulnerability
123 Flash Chat Multiple Security Vulnerabilities
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
AdaptCMS 'init.php' Remote File Include Vulnerability
AlienForm CGI script

Take action and discover your vulnerabilities