Joomla JComments Component "name" Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA39842

VERIFY ADVISORY:
http://secunia.com/advisories/39842/

DESCRIPTION:
High-Tech Bridge SA has discovered a vulnerability in the JComments
component for Joomla, which can be exploited by malicious users to
conduct script insertion attacks.

Input passed via the "name" parameter to administrator/index.php
(when "option" is set to "com_jcomments", "task" is set to "edit",
"hiddenmenu" is set to "1", and "cid" is set to a valid comment id)
when editing a comment is not properly sanitised before being used.
This can be exploited to insert arbitrary HTML and script code, which
will be executed in a user's browser session in context of an affected
site when the malicious data is being viewed.

Successful exploitation requires "Public Back-end" permissions.

The vulnerability is confirmed in version 2.1.0.0. Other versions may
also be affected.

SOLUTION:
Update to version 2.2.0.0 or later.

PROVIDED AND/OR DISCOVERED BY:
High-Tech Bridge SA

ORIGINAL ADVISORY:
HTB22368:
http://www.htbridge.ch/advisory/xss_vulnerability_in_jcomments_joomla.html

JComments:
http://www.joomlatune.com/jcomments-v.2.2-release-notes.html

RECENT ARTICLE

RECENT POST