Westpoint Security Advisory
---------------------------

Title:        Joomla! 1.5.9 - Cross-Site Scripting Vulnerability in index.php
Risk Rating:  Medium
Platforms:    PHP (Windows and Unix)
Author:       Andrew Paterson <andrew@westpoint.ltd.uk>
Date:         12 Mar 2009
Advisory ID#: wp-09-0004
URL:          http://www.westpoint.ltd.uk/advisories/wp-09-0004.txt
CVE:          number requested from cve@mitre.org on 05 Mar 2009

Overview
--------

Joomla 1.5.9 contains a flaw in index.php which exposes users to cross-site
scripting exploits.

Details
-------

http://{joomla_location}/index.php

is cross-site script-able in the "com_content" view, via the "filter"
parameter.  An example which demonstrates this (using the default sample data
provided with Joomla) is:

http://{joomla_location}/index.php?option=com_content&view=category&id=29:the-cms&Itemid=37&layout=default&filter=%22%20onfocus=%22alert(%27Vulnerable%27);%22/%3E

This script filters out angle-bracket pairs to remove user-provided HTML tags,
but allows double quotes through and also allows a single "greater than" angle 
bracket through, allowing the input tag to be closed.


Impact
------

This flaw allows a potential attacker to inject malicious JavaScript or HTML
code, which will run at the same trust level as the server. This may enable
them to steal session cookies, form details, or other information.


Timeline
--------

12 Mar 2009    Joomla! authors informed of the vulnerability
25 Mar 2009    Joomla! security news announces the fix: http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html
28 Mar 2009    Joomla! 5.2.10 released with fix applied: http://www.joomla.org/announcements/release-news/5231-joomla-1510-security-release-now-available.html

			
Designed & Built by e3creative