In the Joomla survey modules, there is a little problem that originates character injections.
http://www.site.dom/index.php?option=com_poll&task=results&id=18&mosmsg=messages
You can edit messages and insert what you prefer; the module captures it and shows the messages in the page.
Try it:
http://www.slacky.it/index.php?option=com_poll&task=results&id=18&mosmsg=TEST (my friend's website)
http://demo.joomla.org/ Vulnerable too.
doesn't look like there's any XSS there, so this doesn't look like a security issue, reassigning to maintainer...
(In reply to comment #1)
> doesn't look like there's any XSS there, so this doesn't look like a security
> issue, reassigning to maintainer...
Sure, it isn't XSS, but bad coding that originates characters injection.
CMS usually use Global Active Var. Joomla used mosmsg only for survey modules, and I think this alpha-patch:
$mosmsg='Thanks for your vote!';
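Added example, not part of the comment above and not Joomla! or Mambo code: the difference between escaping the `mosmsg` value (no markup, but visitor-chosen text still appears on the page) and treating it as a key into fixed messages, which generalizes the hardcoded string suggested above. Function names, message keys and the second message text are hypothetical.

```php
<?php
// Illustration only: names and keys are hypothetical, not the project's code.

// Fixed messages the poll component is allowed to display.
const POLL_MESSAGES = [
    'voted'   => 'Thanks for your vote!',
    'already' => 'You already voted in this poll.', // constructed sample text
];

// Read mosmsg as a plain string; arrays (mosmsg[]=x) and missing values become ''.
function read_mosmsg(array $query): string
{
    return (isset($query['mosmsg']) && is_string($query['mosmsg'])) ? $query['mosmsg'] : '';
}

// Variant 1: show the request value, HTML-escaped.
// Markup is neutralised, yet any text placed in the URL is still displayed.
function render_escaped(array $query): string
{
    $msg = read_mosmsg($query);
    if ($msg === '') {
        return '';
    }
    return '<div class="message">' . htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . '</div>';
}

// Variant 2: the parameter only selects one of the fixed messages.
// Unknown keys render nothing, so the page never shows visitor-supplied text.
function render_allowlisted(array $query): string
{
    $key = read_mosmsg($query);
    if (!array_key_exists($key, POLL_MESSAGES)) {
        return '';
    }
    return '<div class="message">' . htmlspecialchars(POLL_MESSAGES[$key], ENT_QUOTES, 'UTF-8') . '</div>';
}

// Constructed sample requests, run through both variants.
$samples = [
    ['mosmsg' => 'TEST'],
    ['mosmsg' => '<b>TEST</b>'],
    ['mosmsg' => 'voted'],
];
foreach ($samples as $q) {
    echo 'input:        ', $q['mosmsg'], "\n";
    echo 'escaped:      ', render_escaped($q), "\n";
    echo 'allow-listed: ', render_allowlisted($q), "\n\n";
}
```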
please report upstream
(In reply to comment #4)
> please report upstream
Joomla Dev. contacted. :)
slacky.it doesn't appear to be a Joomla! site but a Mambo site, can you please verify what version of Joomla! that they are running and also check that they are running the latest version of Joomla!
In addition, I do not seem to be able to validate this. I used the following URL:
http://demo.joomla.org/index.php?option=com_poll&task=results&id=14&mosmsg=XSS
Kind Regards,
Sam Moffatt,
Joomla! Core Developer
(In reply to comment #6)
> slacky.it doesn't appear to be a Joomla! site but a Mambo site, can you please
> verify what version of Joomla! that they are running and also check that they
> are running the latest version of Joomla!
>
> In addition, I do not seem to be able to validate this. I used the following
> URL:
> http://demo.joomla.org/index.php?option=com_poll&task=results&id=14&mosmsg=XSS
>
> Kind Regards,
> Sam Moffatt,
> Joomla! Core Developer
It's ok. Now it isn't bugged, but at first, yes. I tried it some time ago on demo.joomla.org and I remember that the bug worked.
See http://www.zone-h.org/component/option,com_poll/task,results/id,19/?mosmsg=VULN