schtomi87
11 Jul 2018

Hi,

It is possible to exploit an XSS vulnerability through the following request:

POST /index.php HTTP/1.1
Host: www.anything.com
[...]

schtomi87 - open - 11 Jul 2018
joomla-cms-bot - labeled - 11 Jul 2018
schtomi87 - comment - 11 Jul 2018

vvvv

schtomi87 - comment - 11 Jul 2018

The following content is returned by the web server:


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/21049.
infograf768 - change - 11 Jul 2018
Status: New → Closed
Closed_Date: 0000-00-00 00:00:00 → 2018-07-11 09:50:48
Closed_By: → infograf768
infograf768 - close - 11 Jul 2018
HLeithner - comment - 11 Jul 2018

@schtomi87 please report the issue to the security team at https://developer.joomla.org/security/contact-the-team.html and not in the public tracker
@joomla/security

schtomi87 - comment - 11 Jul 2018

@HLeithner Ok, sorry!


franz-wohlkoenig - comment - 11 Jul 2018

Can this kind of report be deleted?

infograf768 - change - 11 Jul 2018
The description was changed
infograf768 - edited - 11 Jul 2018
franz-wohlkoenig - comment - 11 Jul 2018

thanks @infograf768
