This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.
The remote web server contains a PHP script that is affected by a
cross-site scripting vulnerability.
The version of Joomla installed on the remote host fails to sanitize
user-supplied input to the 'order' parameter before using it in the
'components/com_content/content.php' script to generate dynamic
output. An unauthenticated, remote attacker may be able to leverage
this issue to inject arbitrary HTML or script code into a user's
browser to be executed within the security context of the affected
In addition, the application may be affected by a session
fixation vulnerability in the administrator application, as well as
several other cross-site scripting and cross-site request forgery
vulnerabilities, although Nessus did not test for them.
Upgrade to Joomla 1.0.13 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true