CVE-2020-8421

Date: January 28, 2020

Overview

An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.

PoC Details

1. Log in to Joomla! as administrator and create a new user 'test'.
2. Log out of the administrator account and log in as the new user 'test'; this login creates an entry in the administrator Action Logs panel.
3. Connect to the database and update the newly created user's record in the <joomladb name>.<dbprefix>users table with the payload given below.
4. Log back in as administrator, navigate to the Action Logs page, and observe the payload being executed.

PoC Code

<script>alert(document.cookie)</script>

Affected Environments

Joomla! before 3.9.15

Prevention

Upgrade to Joomla! version 3.9.15
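The root cause is output-time escaping of a database-sourced username, so the fix is contextual escaping in the view. The following is an added example, not Joomla's own code: a minimal action-log row renderer in the unescaped pattern beside its escaped form, plus a check over stored usernames that would flag the PoC payload before an administrator ever opens the page. Function names, the row layout and the sample rows are assumptions; only the payload string comes from the advisory. In a real Joomla template the equivalent of e() is the view's $this->escape() helper.

```php
<?php
// Constructed sample rows, as they might come back from a join of the
// action-log and user tables after the PoC's direct database update.
// Names and layout are hypothetical; the payload is the one from the PoC.
$rows = [
    ['username' => 'admin',
     'message'  => 'User logged in to the Administrator',
     'log_date' => '2020-01-28 09:00:00'],
    ['username' => '<script>alert(document.cookie)</script>',
     'message'  => 'User logged in to the Administrator',
     'log_date' => '2020-01-28 10:00:00'],
];

// Vulnerable pattern: a value read from the database is concatenated
// straight into the HTML, so a username containing markup is rendered
// as markup in the administrator's browser.
function renderRowUnescaped(array $row): string
{
    return '<tr><td>' . $row['log_date'] . '</td>'
         . '<td>' . $row['username'] . '</td>'
         . '<td>' . $row['message'] . '</td></tr>';
}

// Hardened pattern: every untrusted value is escaped for the HTML element
// context at output time. ENT_QUOTES also covers single quotes, so the
// same helper is safe inside attribute values; ENT_SUBSTITUTE keeps an
// invalid byte sequence from silently producing an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderRowEscaped(array $row): string
{
    return '<tr><td>' . e($row['log_date']) . '</td>'
         . '<td>' . e($row['username']) . '</td>'
         . '<td>' . e($row['message']) . '</td></tr>';
}

// Detection: usernames are validated on creation, so angle brackets or
// quotes in a stored username indicate the record was altered out of band,
// as in step 3 of the PoC. Returns the offending usernames.
function suspiciousUsernames(array $rows): array
{
    $hits = [];
    foreach ($rows as $row) {
        if (preg_match('/[<>"\']/', $row['username'])) {
            $hits[] = $row['username'];
        }
    }
    return $hits;
}

foreach ($rows as $row) {
    echo "Unescaped: " . renderRowUnescaped($row) . PHP_EOL;
    echo "Escaped:   " . renderRowEscaped($row) . PHP_EOL;
}
echo "Suspicious usernames: " . count(suspiciousUsernames($rows)) . PHP_EOL;
// No raw tag may survive escaping.
assert(strpos(renderRowEscaped($rows[1]), '<script>') === false);
```

The escaped row prints the payload as literal text (&lt;script&gt;...), and the detection pass reports one suspicious username.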

Language: PHP

Good to know:

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Upgrade Version

No fix version available

CVSS v3 Base Score:
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

CVSS v2 Base Score:
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional information: