Joomla! / Mambo BlastChat Client Component "Itemid" Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA41129

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41129/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41129

RELEASE DATE:
2010-08-28

DESCRIPTION:
Aung Khant has reported a vulnerability in the BlastChat Client
component for Joomla! / Mambo, which can be exploited by malicious
people to conduct cross-site scripting attacks.

Input passed via the "Itemid" parameter to index.php (when "option"
is set to "com_blastchatc") is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in the context of an
affected site. Because the input is reflected in the response, an
attacker has to get a victim to follow a crafted link to the affected
site.

The vulnerability is reported in versions prior to 3.4.
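
The following is an added example, not code from the advisory or from the BlastChat Client component: it models the reflected pattern described above (the parameter value echoed into the page unencoded) next to a hardened form, and adds an access-log check for exploitation attempts. The HTML templates are hypothetical stand-ins for the component's real markup, the XSS_PAYLOAD and LOG_LINES values are constructed samples, and the hardening relies on the fact that Itemid is Joomla!'s numeric menu-item identifier, so a non-integer value is never legitimate.

```python
"""Added example (not from the Secunia advisory or the BlastChat project):
a model of the reflected XSS the advisory describes, its hardened form,
and an access-log check for com_blastchatc requests with a tampered Itemid.

Labelled assumptions: the HTML templates are hypothetical stand-ins for the
component's real markup; XSS_PAYLOAD and LOG_LINES are constructed samples.
"""
import html
import re
from urllib.parse import parse_qs, quote

# Constructed payload: closes the attribute and injects a script element.
XSS_PAYLOAD = '1"><script>alert(1)</script>'
# Query string as a crafted link would carry it (percent-encoded).
ATTACK_QUERY = "option=com_blastchatc&Itemid=" + quote(XSS_PAYLOAD, safe="")


def _itemid(query: str) -> str:
    """Return the percent-decoded Itemid value from a query string, or ''."""
    return parse_qs(query, keep_blank_values=True).get("Itemid", [""])[0]


def render_vulnerable(query: str) -> str:
    """Hypothetical pre-3.4 behaviour: Itemid is echoed without encoding,
    so a crafted value lands in the page as live markup."""
    return (f'<a href="index.php?option=com_blastchatc&amp;Itemid='
            f'{_itemid(query)}">chat</a>')


def render_fixed(query: str) -> str:
    """Hardened form: keep only a leading integer (mirrors PHP intval(),
    since Itemid is a numeric menu-item id) and HTML-encode on output."""
    m = re.match(r"\d+", _itemid(query))
    itemid = int(m.group()) if m else 0
    return (f'<a href="index.php?option=com_blastchatc&amp;Itemid='
            f'{html.escape(str(itemid))}">chat</a>')


# Constructed Apache combined-log samples; the second one is an attempt.
LOG_LINES = [
    '198.51.100.7 - - [28/Aug/2010:10:00:01 +0000] "GET /index.php?option=com_blastchatc&Itemid=12 HTTP/1.1" 200 3201',
    '203.0.113.5 - - [28/Aug/2010:10:00:09 +0000] "GET /index.php?option=com_blastchatc&Itemid=1%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 3344',
    '198.51.100.9 - - [28/Aug/2010:10:00:15 +0000] "GET /index.php?option=com_content&Itemid=%3Cb%3E HTTP/1.1" 200 9000',
]

_REQ = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})'
)


def scan_access_log(lines):
    """Flag com_blastchatc requests whose Itemid is not a plain integer.
    Returns a list of (client_ip, decoded_itemid) tuples."""
    hits = []
    for line in lines:
        m = _REQ.match(line)
        if not m:
            continue
        ip, target = m.group(1), m.group(2)
        params = parse_qs(target.partition("?")[2], keep_blank_values=True)
        if params.get("option", [""])[0] != "com_blastchatc":
            continue  # other components are outside this advisory's scope
        itemid = params.get("Itemid", [""])[0]
        if not itemid.isdigit():
            hits.append((ip, itemid))
    return hits


if __name__ == "__main__":
    print(render_vulnerable(ATTACK_QUERY))
    print(render_fixed(ATTACK_QUERY))
    print(scan_access_log(LOG_LINES))
```

The log check keys on the numeric nature of Itemid rather than on a signature of `<script>`, so encoded or obfuscated variants of the payload are caught as well; the same integer cast is what makes the hardened renderer safe regardless of the output encoding.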

SOLUTION:
Update to version 3.4.

PROVIDED AND/OR DISCOVERED BY:
Aung Khant, YGN Ethical Hacker Group.

ORIGINAL ADVISORY:
Aung Khant:
http://yehg.net/lab/pr0js/advisories/joomla/%5Bcom_blastchatc%5D_cross_site_scripting
