Joomla! 'lang' Parameter XSS

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote web server contains a PHP application that is affected by a
cross-site scripting vulnerability.

Description :

The version of Joomla! running on the remote host is affected by a
cross-site scripting (XSS) vulnerability in idna_convert/example.php
due to improper sanitization of user-supplied input to the 'lang'
parameter before using it to generate dynamic HTML content. An
unauthenticated, remote attacker can exploit this to inject arbitrary
HTML and script code into the user's browser session.

See also :

http://www.nessus.org/u?ceaad26b
https://github.com/joomla/joomla-cms/issues/1658

Solution :

Unknown at this time. It is suggested that the script be removed.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 69280 ()

Bugtraq ID: 61600

CVE ID: CVE-2013-5583

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now