MustLive has discovered a vulnerability in Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "searchword" parameter in index.php (when "option" is set to "com_search") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the victim changes the number of search results in a drop-down box, after having clicked on the malicious link. The vulnerability is confirmed in version 1.0.13. Other versions may also be affected. Solution: Edit the source code to ensure that input is properly sanitised.
Web-apps, please provide an updated ebuild.
There exists no updated source package, and neither the com_search module nor index.php seems to have any changes that relate to the issue. This requires upstream action.
Gunnar, could you contact upstream about this please?
They know => http://forum.joomla.org/index.php/topic,222837.0.html
I'll check again in a few days.
This has been discussed in the forum thread linked above and is apparently a false positive. I checked on 1.5.0 and could not reproduce the XSS. I suggest closing this bug.
Gunnar, after a quick read of the link provided, I don't think it's a false positive. Also, Secunia still lists it and provides a link to a patch (though I can't connect to it right now).
Yes, guess you are right, sorry. I'm still not certain if it should exist on 1.5 anymore. I'll have to check the code...
Seems like this is finally fixed, along with other issues:
* SECURITY [LOW] Fixed XSS issue in Search Component.
* SECURITY [LOW] Fixed XSS issue in Search results pages.
* SECURITY [LOW] Disallowed users from adding extra wildcard filters in search strings.
* SECURITY [LOW] Fixed multiple typos in back end Content Component making array integer check ineffective.
* SECURITY [LOW] Fixed case-sensitive flaw in Input Filter.
* SECURITY [HIGH] Fixed CSRF issue allowing portal compromise - Administrator components.
http://www.joomla.org/content/view/4563/1/
Just realised 1.0* is gone from the tree. So this is fixed, as the 1.5 issues are handled in bug 204335.