This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
The remote web server hosts a PHP script that is susceptible to a
cross-site scripting attack.
The version of Mambo installed on the remote host does not sanitize
input to the 'task' parameter of 'index.php' when 'option' is set to
'com_content' before using it to generate dynamic HTML.
An attacker could leverage this issue to inject arbitrary HTML or script
code into a user's browser to be executed within the security context of
the affected site.
Note that this install is likely to be affected by several similar
issues affecting its administrative pages, although Nessus has not
checked for them.
See also :
Apply the patch referenced in Mambo Tracker issue #479.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 55511 ()
Bugtraq ID: 48455