XSS vulnerability
1 week 6 days ago
#1
Jüri Raudmaa
Posts: 16
Hello!
There is an XSS vulnerability in BaGallery when, in the category options under lightbox, 'enable alias' is enabled. This alias gives a URL to the image when I click on it:
www.mydomain.xx/?107
(number based on image ID, I guess). But an attacker can use it like that:
www.mydomain.xx/?107%22%3E%3Cimg%20src=X...(document.domain)%3E
Attachments:
...xss.png
(31KB)
The administrator has disabled public write access.
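An added example, not part of the original post and not BaGallery code: it assumes the alias is the whole query string and is reflected into a quoted HTML attribute, and shows that weak pattern beside an allowlist-plus-escaping form. All function names and the sample inputs are constructed for illustration.

```javascript
// Added example (hypothetical helpers, not BaGallery's implementation).

// Escape the characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Assumption: a valid alias is a numeric image ID and nothing else.
// Returns the ID as a number, or null for any other input.
function parseImageAlias(rawQuery) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawQuery);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  return /^[0-9]{1,10}$/.test(decoded) ? Number(decoded) : null;
}

// Weak pattern: the decoded query string is concatenated into an attribute.
function renderLinkUnsafe(baseUrl, rawQuery) {
  return '<a class="share" href="' + baseUrl + '?' +
    decodeURIComponent(rawQuery) + '">link</a>';
}

// Hardened: validate against the allowlist first, then escape on output.
function renderLinkSafe(baseUrl, rawQuery) {
  const id = parseImageAlias(rawQuery);
  if (id === null) return ''; // reject instead of reflecting
  return '<a class="share" href="' + escapeHtml(baseUrl + '?' + id) +
    '">link</a>';
}

// Constructed inputs: a valid alias and one that closes the attribute early.
const BASE = 'https://www.mydomain.xx/';
const GOOD = '107';
const BAD = '107%22%3E%3Cb%3Einjected%3C%2Fb%3E';

console.log(renderLinkUnsafe(BASE, BAD)); // markup escapes the href attribute
console.log(renderLinkSafe(BASE, GOOD));  // numeric ID rendered normally
console.log(JSON.stringify(renderLinkSafe(BASE, BAD))); // rejected input
```

The allowlist check alone stops the reflected value here; the output escaping is kept as a second layer in case the accepted format is later widened.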
1 week 6 days ago
#2
Vyacheslav
Posts: 26073
Hello,
Thank you for letting us know.
We will take it into account.
Regards,
Vyacheslav, Balbooa.com