TinyBrowser Multiple Flaws

This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server contains a PHP application that is affected by a
cross-site scripting issue.

Description :

TinyBrowser, an open source web file browser, is installed on the
remote system. TinyBrowser is typically bundled with web applications
such as the TinyMCE WYSIWYG content editor and the Joomla! content
management system, although it can also be deployed in a standalone
configuration or integrated with custom web applications.

The installed version fails to sanitize input passed to the 'goodfiles',
'badfiles' and 'dupfiles' parameters of the '/tinybrowser/upload.php'
script before echoing it into dynamically generated HTML. An
unauthenticated, remote attacker could leverage this reflected
cross-site scripting issue to inject arbitrary HTML or script code into
a user's browser, where it executes within the security context of the
affected site.
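The following is an added example, not code from the Nessus plugin or from
TinyBrowser. It is a Python probe that requests '/tinybrowser/upload.php'
with a harmless tag-bearing marker in each of the three parameters and
classifies whether the marker comes back verbatim (the flaw described
above) or only entity-encoded (output encoding in place, the expected
state of a patched build). The two in-process "servers" are constructed
stand-ins for a vulnerable and a hardened host so the script runs offline;
the exact HTML TinyBrowser wraps around the parameter is an assumption, so
only the reflection itself is checked.

```python
"""Reflected-XSS probe for the TinyBrowser upload.php parameters.

Added example; not Tenable's plugin code and not TinyBrowser code.
`fetch` is any callable url -> body text.  To test a live host, pass
something like `lambda u: urllib.request.urlopen(u).read().decode()`.
"""
import html
import secrets
import urllib.parse

SCRIPT_PATH = "/tinybrowser/upload.php"          # path named in the advisory
PARAMS = ("goodfiles", "badfiles", "dupfiles")   # parameters named in the advisory


def make_marker(nonce=None):
    """A benign tag-bearing marker; an unpredictable nonce avoids matching
    stale or cached content that happens to contain an earlier probe."""
    nonce = nonce or secrets.token_hex(4)
    return f"<tbprobe{nonce}>"


def build_probe_url(base_url, param, marker):
    """GET URL with the marker in exactly one parameter (others omitted)."""
    query = urllib.parse.urlencode({param: marker})
    return f"{base_url.rstrip('/')}{SCRIPT_PATH}?{query}"


def classify_reflection(body, marker):
    """'raw'     - marker reflected verbatim: exploitable
       'escaped' - only an entity-encoded copy appears: encoding in place
       'none'    - parameter not reflected at all"""
    if marker in body:
        return "raw"
    if html.escape(marker, quote=True) in body:
        return "escaped"
    return "none"


def scan(base_url, fetch, marker=None):
    """Probe every parameter and return {param: classification}."""
    marker = marker or make_marker()
    return {
        param: classify_reflection(fetch(build_probe_url(base_url, param, marker)), marker)
        for param in PARAMS
    }


# --- constructed stand-ins for the remote host (assumed markup, no network) ---

def _query_params(url):
    return dict(urllib.parse.parse_qsl(urllib.parse.urlsplit(url).query,
                                       keep_blank_values=True))


def vulnerable_server(url):
    """Mimics the flaw: the parameter is dropped into HTML unencoded."""
    p = _query_params(url)
    msg = p.get("goodfiles") or p.get("badfiles") or p.get("dupfiles") or ""
    return f"<html><body><div class='msg'>{msg}</div></body></html>"


def hardened_server(url):
    """Same page with output encoding applied before the value hits HTML."""
    p = _query_params(url)
    msg = p.get("goodfiles") or p.get("badfiles") or p.get("dupfiles") or ""
    return f"<html><body><div class='msg'>{html.escape(msg, quote=True)}</div></body></html>"


if __name__ == "__main__":
    print("vulnerable host:", scan("http://target.example", vulnerable_server))
    print("hardened host:  ", scan("http://target.example", hardened_server))
```

The 'escaped' outcome is reported separately from 'none' so that a host
which reflects the value safely is not confused with one that ignores the
parameter; only 'raw' should be treated as a finding.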

The installed version is likely to be affected by several other
vulnerabilities, although Nessus has not checked for them. These
could allow an unauthenticated user to view, upload, delete, and
rename files and folders on the affected host or to launch cross-site
request forgery attacks using the application.

See also :

http://www.nessus.org/u?bb00c05f
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0463.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0465.html

Solution :

If TinyBrowser is used in a standalone configuration, no fix is known at
this time. If it is bundled with Joomla! 1.5.12, upgrade to Joomla!
version 1.5.13.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 40493

Bugtraq ID: 35855

CVE ID: