Multiple XSS Vulnerabilities on Joomla Core

 

Joomla is a free and open-source content management system (CMS) for publishing web content. It is built on a model–view–controller web application framework that can be used independently of the CMS.

Joomla is written in PHP, uses object-oriented programming (OOP) techniques (since version 1.5) and software design patterns, stores data in a MySQL, MS SQL (since version 2.5), or PostgreSQL (since version 3.0) database, and includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, search, and support for language internationalization.

As of November 2016, Joomla! has been downloaded over 78 million times. Over 7,800 free and commercial extensions are available from the official Joomla! Extension Directory, and more are available from other sources. It is estimated to be the second most used content management system on the Internet, after WordPress.

Recently, a security researcher discovered multiple XSS vulnerabilities in Joomla Core (CVE-2017-7985 and CVE-2017-7986).

A brief description of the vulnerability

CVE-2017-7985

Joomla! is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.  An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

CVE-2017-7986

Joomla! is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.  An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Affected version

Joomla 1.5.0 through 3.6.5

Unaffected version

Joomla 3.7.0

How to fix

Update to Joomla 3.7.0
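
A fleet check against the version range above, as an added example (not part of the original advisory or Joomla's own code): it sorts the version strings in a site inventory into affected, fixed, or needing manual review. The site names are constructed, and treating releases later than 3.7.0 as fixed is an assumption the advisory does not state.

```python
import re

# Range from the advisory: 1.5.0 through 3.6.5 affected, 3.7.0 unaffected.
AFFECTED_MIN = (1, 5, 0)
AFFECTED_MAX = (3, 6, 5)
FIXED = (3, 7, 0)

# major.minor[.patch] with an optional label such as "rc1" or "Stable".
_VERSION_RE = re.compile(
    r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-._ ]?([A-Za-z][\w.-]*))?\s*$"
)


def classify(version):
    """Return 'affected', 'fixed' or 'review' for one version string."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return "review"  # unparseable or missing: a person has to look
    # Compare as integer tuples so that 3.10.x sorts after 3.7.x.
    core = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    label = (m.group(4) or "").lower()
    if AFFECTED_MIN <= core <= AFFECTED_MAX:
        return "affected"
    # Assumption: releases after 3.7.0 keep the fix. A pre-release build of
    # 3.7.0 itself (e.g. "3.7.0-rc1") is not covered by the advisory.
    if core > FIXED or (core == FIXED and label in ("", "stable")):
        return "fixed"
    return "review"  # older than 1.5.0, or a 3.7.0 pre-release


def audit(inventory):
    """Group site names by classification; inventory maps site -> version."""
    report = {"affected": [], "fixed": [], "review": []}
    for site, version in sorted(inventory.items()):
        report[classify(version)].append(site)
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "blog.example.test": "3.6.5",
        "shop.example.test": "3.7.0",
        "intranet.example.test": "2.5.28 Stable",
        "staging.example.test": "3.7.0-rc1",
        "legacy.example.test": "unknown",
    }
    for status, sites in audit(sample).items():
        print(f"{status}: {', '.join(sites) or '-'}")
```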

Exploit code
