This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
The remote web server hosts a PHP script that is susceptible to a
cross-site scripting attack.
The version of Mambo installed on the remote host does not sanitize
input to the 'task' parameter of 'index.php' when 'option' is set to
'com_content' before using it to generate dynamic HTML.
An attacker could leverage this issue to inject arbitrary HTML or script
code into a user's browser to be executed within the security context of
the affected site.
Note that this install is likely to be affected by several similar
issues affecting its administrative pages, although Nessus has not
checked for them.
See also :
Apply the patch referenced in Mambo Tracker issue #479.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.3
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 55511 ()
Bugtraq ID: 48455
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.