Joomla! JoomShopping Component "user_name" Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA54054

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/54054/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=54054

RELEASE DATE:
2013-08-15

DESCRIPTION:
Jennifer Bornholt has discovered a vulnerability in the JoomShopping
component for Joomla!, which can be exploited by malicious users to
conduct script insertion attacks.

Input passed via the "user_name" POST parameter to index.php (when
"option" is set to "com_jshopping", "controller" is set to "product",
"task" is set to "reviewsave", and "Itemid" is set to a valid item
identifier) is not properly sanitised before being used. This can be
exploited to insert arbitrary HTML and script code, which will be
executed in a user's browser session in the context of an affected
site when the malicious data is viewed.

The vulnerability is confirmed in version 4.3.0. Prior versions may
also be affected.

SOLUTION:
Update to version 4.3.1 or later.
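
For sites auditing their own templates or overrides, the class of fix for the flaw described above looks like the following. This is an added example, not JoomShopping source and not the 4.3.1 patch; the function names and the "review" field are hypothetical. It treats the reviewer name as plain text at save time and encodes it on output, so stored markup is rendered as inert text.

```php
<?php
// Added illustration; not JoomShopping code. All function names are hypothetical.

/** Normalise a reviewer name at save time: plain text, bounded length. */
function normalise_reviewer_name(string $raw, int $maxLen = 64): string
{
    // Reject invalid UTF-8 early so later encoding is well defined.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return '';
    }
    // Replace control characters, collapse whitespace, trim, cap length.
    $name = preg_replace('/[\x00-\x1F\x7F]+/u', ' ', $raw);
    $name = trim(preg_replace('/\s+/u', ' ', $name));
    return mb_substr($name, 0, $maxLen, 'UTF-8');
}

/** Encode a value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one stored review; every user-supplied field is encoded on output. */
function render_review(array $review): string
{
    return '<div class="review"><span class="review-author">'
        . e($review['user_name']) . '</span><p>'
        . nl2br(e($review['review'])) . '</p></div>';
}

// Constructed sample standing in for the "user_name" POST parameter.
$stored = [
    'user_name' => normalise_reviewer_name("Alice <script>alert(1)</script>\n"),
    'review'    => "Good product.\nWould buy again.",
];

echo render_review($stored), PHP_EOL;
```

Normalisation at save time only bounds and cleans the value; the encoding in render_review() is what neutralises markup, and it has to be applied in every view that prints the name.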

PROVIDED AND/OR DISCOVERED BY:
Jennifer Bornholt via Secunia