High-Tech Bridge Security Research Lab discovered 2 vulnerabilities in MijoSearch Joomla Extension version 2.0.1, which can be exploited to gain access to potentially sensitive data and perform Cross-Site Scripting (XSS) attacks against users of the vulnerable application.
The Cross-Site Scripting vulnerability in MijoSearch exists due to insufficient sanitisation of user-supplied data appended to the "/component/mijosearch/search" URL. A remote attacker can trick a logged-in user into opening a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
The Information Exposure Through Externally-generated Error Message vulnerability in MijoSearch exists due to improper implementation of error handling mechanisms in the "/component/mijosearch/search" URL. A remote attacker can send a specially crafted HTTP GET request to the vulnerable web application and gain knowledge of the full installation path of the application.
Read full details at High-Tech Bridge Advisory HTB23186: Multiple Vulnerabilities in MijoSearch.
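To check whether the search URL described above has been hit with markup-bearing input, the following added example (not part of the advisory or of MijoSearch) triages web server access logs for requests to that URL. It assumes the combined log format; the sample log lines, client addresses and parameter names are constructed for illustration.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/component/mijosearch/search"  # URL named in the advisory
# Characters and schemes needed to break out into HTML or script context.
MARKUP = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)
# Request field of the common/combined log format: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (assumption: combined log format, made-up values).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2014:10:00:00 +0000] '
    '"GET /component/mijosearch/search?query=joomla HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2014:10:00:05 +0000] '
    '"GET /component/mijosearch/search/%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5300',
    '203.0.113.9 - - [01/Jan/2014:10:00:09 +0000] '
    '"GET /component/mijosearch/search?x=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5290',
    '203.0.113.7 - - [01/Jan/2014:10:00:12 +0000] '
    '"GET /index.php?q=%3Cb%3E HTTP/1.1" 200 900',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_suffix) for endpoint hits carrying markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        target = fully_decode(match.group(1))
        index = target.lower().find(ENDPOINT)
        if index == -1:
            continue  # request is for some other URL
        suffix = target[index + len(ENDPOINT):]
        if MARKUP.search(suffix):
            hits.append((number, suffix))
    return hits

if __name__ == "__main__":
    for number, suffix in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {suffix}")
```

Matches are leads for review rather than confirmed attacks, since a legitimate search term containing a quote character is flagged as well.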