Mambo task Parameter XSS

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server hosts a PHP script that is susceptible to a
cross-site scripting attack.

Description :

The version of Mambo installed on the remote host does not sanitize
input to the 'task' parameter of 'index.php' when 'option' is set to
'com_content' before using it to generate dynamic HTML.

An attacker could leverage this issue to inject arbitrary HTML or script
code into a user's browser to be executed within the security context of
the affected site.

Note that this install is likely to be affected by several similar
issues affecting its administrative pages, although Nessus has not
checked for them.

See also :

Solution :

Apply the patch referenced in Mambo Tracker issue #479.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.3
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 55511 ()

Bugtraq ID: 48455


Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial