Hello,
After a check of my website for vulnerabilities, I have found that the plug-in contentstatitics is vulnerable to an XSS attack:
if I do:
mywebsite.com/?test="%3Balert%281%29%3B"
then a JavaScript alert box pops up.
I have narrowed the problem down to this:
//new for v2
$uri = JFactory::getURI();
$document = JFactory::getDocument();
$thevars = JRequest::get('get');
//not interested in these vars
unset($thevars['task']);
$url_append = "";
foreach($thevars as $var => $value){
if(!is_array($value)) $url_append .= "&".$var."=".$value;
}
$document->addScriptDeclaration('var cs_module_append_url = "'.$url_append.'";');
The plug-in copies the exact URL and gives the following output:
var cs_module_append_url = "&query=";alert(1);"&option=com_sppagebuilder&view=page&id=31&Itemid=1365";
Since my site was attacked recently, I had to provide a quick and very simple fix:
if(!is_array($value)) {
    $url_append .= "&".htmlspecialchars($var, ENT_QUOTES, 'UTF-8')."=".htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}
I do not know yet if it will have an impact on my stats.
Best regards,
CZ
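The following stand-alone PHP script is an added example; it is not the plug-in's own code and not part of the post above. It reproduces the concatenation pattern from the post, the quick htmlspecialchars() fix, and a context-correct variant that percent-encodes the query with http_build_query() and emits the JavaScript string literal with json_encode(). The function names and the constructed $get array are assumptions for illustration; the $get array stands in for what JRequest::get('get') returns after PHP has URL-decoded the request.

```php
<?php
// Added example, not the plug-in's own code. The function names and the
// constructed $get array below are assumptions for illustration.
declare(strict_types=1);

// 1. The pattern from the post: raw query values pasted into a JS string literal.
//    A value containing a double quote closes the literal and the rest runs as code.
function build_append_url_vulnerable(array $getVars): string
{
    unset($getVars['task']);
    $urlAppend = '';
    foreach ($getVars as $var => $value) {
        if (!is_array($value)) {
            $urlAppend .= '&' . $var . '=' . $value;
        }
    }
    return 'var cs_module_append_url = "' . $urlAppend . '";';
}

// 2. The quick fix from the post: HTML-entity-encode keys and values.
//    The breakout stops because " becomes &quot; but this is an HTML encoder,
//    not a JavaScript one: backslashes pass through untouched, and any
//    entity-encoded characters travel on inside the stats URL as literal text.
function build_append_url_htmlspecialchars(array $getVars): string
{
    unset($getVars['task']);
    $urlAppend = '';
    foreach ($getVars as $var => $value) {
        if (!is_array($value)) {
            $urlAppend .= '&' . htmlspecialchars((string) $var, ENT_QUOTES, 'UTF-8')
                        . '=' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        }
    }
    return 'var cs_module_append_url = "' . $urlAppend . '";';
}

// 3. Context-correct version: percent-encode the query so it is a valid URL
//    suffix, then let json_encode() produce the JavaScript string literal.
//    The JSON_HEX_* flags additionally escape < > & ' " so a value such as
//    </script> cannot terminate the surrounding <script> element either.
function build_append_url_json(array $getVars): string
{
    unset($getVars['task']);
    $scalars = array_filter($getVars, fn ($v) => !is_array($v));
    $urlAppend = $scalars === []
        ? ''
        : '&' . http_build_query($scalars, '', '&', PHP_QUERY_RFC3986);
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return 'var cs_module_append_url = ' . json_encode($urlAppend, $flags) . ';';
}

// Constructed input mirroring the post's request ?test="%3Balert%281%29%3B"
// PHP has already URL-decoded $_GET, so the value is the literal  ";alert(1);"
$get = [
    'test'   => '";alert(1);"',
    'option' => 'com_sppagebuilder',
    'view'   => 'page',
    'id'     => '31',
    'task'   => 'display',          // dropped by all three builders, as in the original
    'nested' => ['ignored' => '1'], // arrays are skipped, as in the original
];

foreach ([
    'vulnerable'       => build_append_url_vulnerable($get),
    'htmlspecialchars' => build_append_url_htmlspecialchars($get),
    'json_encode'      => build_append_url_json($get),
] as $label => $js) {
    echo str_pad($label, 18) . $js . PHP_EOL;
}
```

Run it with `php example.php` (PHP 7.4 or newer for the arrow function) and compare the three lines: the first one contains an unescaped `"` that ends the literal early, the second keeps the quote inside the literal as `&quot;`, and the third emits a literal whose characters are escaped for the exact context they land in, a JavaScript string inside a script block, while the decoded value is still a well-formed query-string suffix that a stats request can append verbatim.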