Joomla YJ Whois Module Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA37525

VERIFY ADVISORY:
http://secunia.com/advisories/37525/

DESCRIPTION:
andresg888 has discovered a vulnerability in the YJ Whois module for
Joomla, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Input passed in an HTTP POST request via the "domain" form field to
index.php (when form field "top_com" is set to "on" and "submitBtn"
is set to "Check") is not properly sanitised before being returned to
the user. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in the context of an affected site.

The vulnerability is confirmed in version 1.0. Prior versions may
also be affected.
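
The handling this class of bug calls for, as an added example that is not the YJ Whois module's source or its 1.1 fix: validate the "domain" field against a strict grammar, never echo a rejected value, and HTML-encode at output. The function names are hypothetical, and the assumption that "top_com" selects a ".com" lookup is inferred from the field name only.

```php
<?php
// Hypothetical handler, not the YJ Whois module's code. The field names
// "domain", "top_com" and "submitBtn" are the ones named in the advisory.

/** Return the normalised domain label, or null if it is not a plausible one. */
function yjx_clean_domain($raw)
{
    if (!is_string($raw)) {          // rejects array input such as domain[]=...
        return null;
    }
    $label = strtolower(trim($raw));
    // One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
    if (!preg_match('/\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/', $label)) {
        return null;
    }
    return $label;
}

/** Encode a value for an HTML text node or a quoted attribute value. */
function yjx_html($value)
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the result fragment for one POSTed lookup. */
function yjx_render_result(array $post)
{
    $submitted = isset($post['submitBtn']) && $post['submitBtn'] === 'Check';
    $checkCom  = isset($post['top_com']) && $post['top_com'] === 'on';
    if (!$submitted || !$checkCom) {
        return '';
    }
    $raw = isset($post['domain']) ? $post['domain'] : '';
    // Unsafe pattern of the kind the advisory describes (illustrative only):
    //   return '<p>Result for ' . $raw . '.com</p>';
    $label = yjx_clean_domain($raw);
    if ($label === null) {
        return '<p class="error">Invalid domain name.</p>'; // rejected value is not echoed
    }
    // Assumption: "top_com" means a .com lookup. Encode even after validation.
    return '<p>Result for ' . yjx_html($label . '.com') . '</p>';
}

// Constructed sample inputs: two valid labels, inline markup, and an array value.
$samples = array('example', 'Ex-Ample ', '<b>x</b>', array('x'));
foreach ($samples as $s) {
    echo yjx_render_result(array('domain' => $s, 'top_com' => 'on', 'submitBtn' => 'Check')), "\n";
}
```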

SOLUTION:
Update to version 1.1.

PROVIDED AND/OR DISCOVERED BY:
andresg888

ORIGINAL ADVISORY:
Joomla YJ:
http://extensions.joomla.org/extensions/external-contents/domain-search/5774