Juniper Networks

Signature Detail


  • Short Name: HTTP:XSS:HTML-SCRIPT-IN-URL-VAR
  • Severity: Major
  • Recommended: No
  • Category: HTTP
  • Keywords: HTML Script Tag Embedded in URL Variables
  • Release Date: 2003/12/17
  • Update Number: 1213
  • Supported Platforms: di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: HTML Script Tag Embedded in URL Variables


This signature detects attempts at cross-site scripting attacks. Attackers can create a malicious Web site that includes HTML embedded in the hyperlinks, which can violate site security settings. A victim who follows these hyperlinks can allow the attacker to view the victim's Web cookies, which typically contain sensitive information. Some advertising companies also use this technique to gather information about people. Because the extent of the information gathered cannot be controlled, this behavior is considered malicious by default.

Extended Description

Joomla! CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Joomla! CMS versions 1.6.3 and prior are vulnerable.

Affected Products

  • Joomla joomla 1.6.3

References

  • BugTraq: 16112
  • BugTraq: 22246
  • BugTraq: 36513
  • BugTraq: 37100
  • BugTraq: 37479
  • BugTraq: 9484
  • BugTraq: 63205
  • BugTraq: 40430
  • BugTraq: 54112
  • BugTraq: 22819
  • BugTraq: 21956
  • BugTraq: 47902
  • BugTraq: 72450
  • BugTraq: 72559
  • BugTraq: 100490
  • BugTraq: 48471
  • BugTraq: 101261
  • BugTraq: 39776
  • BugTraq: 22705
  • BugTraq: 22738
  • BugTraq: 16113
  • BugTraq: 24775
  • BugTraq: 28403
  • BugTraq: 18449
  • CERT: CA-2000-02
  • CVE: CVE-2006-3101
  • CVE: CVE-2007-0177
  • CVE: CVE-2007-0589
  • CVE: CVE-2007-1111
  • CVE: CVE-2012-0233
  • CVE: CVE-2008-1499
  • CVE: CVE-2007-3613
  • CVE: CVE-2009-1218
  • CVE: CVE-2009-3469
  • CVE: CVE-2009-4168
  • CVE: CVE-2010-4647
  • CVE: CVE-2004-2115
  • CVE: CVE-2008-2123
  • CVE: CVE-2009-1872
  • CVE: CVE-2010-3003
  • CVE: CVE-2008-6060
  • CVE: CVE-2013-5013
  • CVE: CVE-2012-4939
  • CVE: CVE-2014-1754
  • CVE: CVE-2014-1648
  • CVE: CVE-2014-5212
  • CVE: CVE-2014-5360
  • CVE: CVE-2015-1630
  • CVE: CVE-2015-1632
  • CVE: CVE-2015-2294
  • CVE: CVE-2007-5000
  • CVE: CVE-2015-1159
  • CVE: CVE-2012-2172
  • CVE: CVE-2012-2171
  • CVE: CVE-2011-0961
  • CVE: CVE-2012-6585
  • CVE: CVE-2012-6587
  • CVE: CVE-2012-6589
  • CVE: CVE-2014-9224
  • CVE: CVE-2010-5322
  • CVE: CVE-2015-2182
  • CVE: CVE-2015-3300
  • CVE: CVE-2011-4806
  • CVE: CVE-2012-1912
  • CVE: CVE-2012-2741
  • CVE: CVE-2017-6973
  • CVE: CVE-2017-12629
  • CVE: CVE-2010-2655
  • CVE: CVE-2010-2091
  • CVE: CVE-2010-1090
  • CVE: CVE-2014-6137
  • CVE: CVE-2008-5330
  • CVE: CVE-2013-0009
  • CVE: CVE-2007-5923
  • CVE: CVE-2019-10475
  • CVE: CVE-2019-17092
  • CVE: CVE-2017-17055
  • CVE: CVE-2015-1757
  • CVE: CVE-2015-1640
  • CVE: CVE-2017-12927
  • CVE: CVE-2016-7280
  • CVE: CVE-2015-1575
  • CVE: CVE-2017-5798
  • CVE: CVE-2017-0068
  • CVE: CVE-2018-8006
  • CVE: CVE-2018-12998
  • CVE: CVE-2010-0817
  • CVE: CVE-2011-4155
  • CVE: CVE-2011-4156
  • CVE: CVE-2006-0069
  • CVE: CVE-2006-0136
  • CVE: CVE-2008-4014
  • CVE: CVE-2012-3183
  • CVE: CVE-2016-6837
  • CVE: CVE-2009-1557
  • CVE: CVE-2010-0724
  • CVE: CVE-2010-0725
  • CVE: CVE-2010-2147
  • CVE: CVE-2014-100017
  • CVE: CVE-2010-1091
  • CVE: CVE-2010-1661
  • CVE: CVE-2010-1662
  • CVE: CVE-2010-2699
  • CVE: CVE-2010-2700
  • CVE: CVE-2010-2714
  • CVE: CVE-2010-2715
  • CVE: CVE-2014-10010
  • CVE: CVE-2013-5311
  • CVE: CVE-2014-10035
  • CVE: CVE-2009-4597
  • CVE: CVE-2010-0380
  • CVE: CVE-2010-4794
  • CVE: CVE-2010-4795
  • CVE: CVE-2010-4857
  • CVE: CVE-2012-2996
  • CVE: CVE-2012-4189
  • CVE: CVE-2012-6504
  • CVE: CVE-2012-6505
  • CVE: CVE-2014-8954
  • CVE: CVE-2010-1711
  • CVE: CVE-2010-2654
  • CVE: CVE-2012-4262
  • CVE: CVE-2012-5330
  • CVE: CVE-2014-0870
  • URL: https://mantisbt.org/bugs/view.php?id=21611
  • URL: https://www.pfsense.org/security/advisories/pfsense-sa-16_06.squid.asc
  • URL: http://php-security.org/MOPB/MOPB-08-2007.html
  • URL: http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.