Key information summary

Advisory #: 168
Title: XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
Author: Larry W. Cashdollar, @_larry0
Date: 2016-07-22
CVE-ID: [CVE-2016-1000121][CVE-2016-1000122]
CVE: CWE-79 Cross-Site Scripting (XSS)
Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/slider
Vendor: huge-it.com
Vendor Notified: 2016-07-22

Vulnerability:
XSS: Present in via variable.
SQLi: Found in several sections of .

Exploit Code:
XSS:
- URL:
SQLi:
- URL: