Joomla ActiveHelper LiveHelp Component "DOMAINID" Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA39870

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/39870/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=39870

RELEASE DATE:
2010-05-21

DISCUSS ADVISORY:
http://secunia.com/advisories/39870/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)

http://secunia.com/advisories/39870/

ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=39870

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION:
Valentin Hoebel has discovered a vulnerability in the ActiveHelper
LiveHelp component for Joomla, which can be exploited by malicious
people to conduct cross-site scripting attacks.

Input passed to the "DOMAINID" parameter in
administrator/components/com_activehelper_livehelp/server/cookies.php
is not properly sanitised before being returned to the user. This can
be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

The vulnerability is confirmed in version 2.0.3. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Valentin Hoebel

ORIGINAL ADVISORY:
http://www.xenuser.org/2010/05/19/joomla-component-activehelper-livehelp-xss-vulnerabilities/

OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

RECENT ARTICLE

RECENT POST