Joomla SocialAds Component "addata[][ad_body]" Script Insertion

SECUNIA ADVISORY ID:
SA40565

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40565/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40565

RELEASE DATE:
2010-07-14

DESCRIPTION:
A vulnerability has been reported in the SocialAds component for
Joomla, which can be exploited by malicious users to conduct script
insertion attacks.

Input passed via the "addata[][ad_body]" parameter to index.php (with
"option" set to "com_socialads", "view" set to "buildad", and "Itemid"
set to a valid value) when creating an advertisement is not properly
sanitised before being used. This can be exploited to insert arbitrary
HTML and script code, which will be executed in a user's browser
session in the context of an affected site when the malicious data is
viewed.

The vulnerability is reported in versions prior to 1.0.1.
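
Added example, not part of the Secunia advisory and not SocialAds code: plain PHP showing how the "addata[][ad_body]" parameter arrives as a nested array, and the same stored value rendered without and with output encoding. The function names, the "ad-body" markup and the sample value are assumptions made for illustration.

```php
<?php
// Added illustration; function names and the ad structure are hypothetical,
// not taken from the SocialAds source.

// Shape PHP gives the parameter named in the advisory:
// addata[][ad_body]=... becomes $_POST['addata'][0]['ad_body'].
// Constructed sample standing in for a submitted advertisement.
$submitted = ['addata' => [['ad_body' => 'Great deals <script>alert(1)</script>']]];

// Collect every ad_body string from the nested array, rejecting other types
// (a client can send addata[][ad_body][]=x to turn the value into an array).
function ad_bodies(array $request): array
{
    $bodies = [];
    foreach ((array) ($request['addata'] ?? []) as $entry) {
        if (is_array($entry) && isset($entry['ad_body']) && is_string($entry['ad_body'])) {
            $bodies[] = $entry['ad_body'];
        }
    }
    return $bodies;
}

// The flaw class described: the stored value is echoed into the page as markup.
function render_ad_unescaped(string $body): string
{
    return '<div class="ad-body">' . $body . '</div>';
}

// Output encoding at the point of use: the value is rendered as text.
function render_ad_escaped(string $body): string
{
    return '<div class="ad-body">'
        . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</div>';
}

foreach (ad_bodies($submitted) as $body) {
    echo render_ad_unescaped($body), "\n"; // markup reaches the viewer's browser as-is
    echo render_ad_escaped($body), "\n";   // markup is encoded and shown as text
}
```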

SOLUTION:
Update to version 1.0.1.

PROVIDED AND/OR DISCOVERED BY:
Sid3^effects
