SECUNIA ADVISORY ID:
SA39870
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/39870/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=39870
RELEASE DATE:
2010-05-21
DISCUSS ADVISORY:
http://secunia.com/advisories/39870/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/39870/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=39870
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Valentin Hoebel has discovered a vulnerability in the ActiveHelper
LiveHelp component for Joomla, which can be exploited by malicious
people to conduct cross-site scripting attacks.
Input passed to the "DOMAINID" parameter in
administrator/components/com_activehelper_livehelp/server/cookies.php
is not properly sanitised before being returned to the user. This can
be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
The vulnerability is confirmed in version 2.0.3. Other versions may
also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
Valentin Hoebel
ORIGINAL ADVISORY:
http://www.xenuser.org/2010/05/19/joomla-component-activehelper-livehelp-xss-vulnerabilities/
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/