Multiple XSS Vulnerabilities on Joomla Core
Joomla is a free and open-source content management system (CMS) for publishing web content. It is built on a model–view–controller web application framework that can be used independently of the CMS.
Joomla is written in PHP, uses object-oriented programming (OOP) techniques (since version 1.5) and software design patterns, stores data in a MySQL, MS SQL (since version 2.5), or PostgreSQL (since version 3.0) database, and includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, search, and support for language internationalization.
As of November 2016, Joomla! has been downloaded over 78 million times. Over 7,800 free and commercial extensions are available from the official Joomla! Extension Directory, and more are available from other sources. It is estimated to be the second most used content management system on the Internet, after WordPress.
Recently, a security researcher discovered multiple XSS vulnerabilities in Joomla Core (CVE-2017-7985 and CVE-2017-7986).
A brief description of the vulnerability
CVE-2017-7985
Joomla! is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
CVE-2017-7986
Joomla! is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Affected version
Joomla 1.5.0 through 3.6.5
Unaffected version
Joomla 3.7.0
How to fix
Update to Joomla 3.7.0
Exploit code