TinyBrowser Multiple XSS

medium Nessus Plugin ID 40493

Synopsis

The remote web server contains a PHP application that is affected by multiple cross-site scripting vulnerabilities.

Description

TinyBrowser, an open source web file browser, is running on the remote host. TinyBrowser is typically bundled with web applications, such as TinyMCE WYSIWYG content editor or the Joomla! content management system, although it can also be used in its standalone configuration or integrated with other custom web applications.

The version of the TinyBrowser component running on the remote host is affected by multiple cross-site scripting (XSS) vulnerability in /tinybrowser/upload.php due to improper sanitization of user-supplied input to the 'goodfiles', 'badfiles' and 'dupfiles' parameters before using it to generate dynamic HTML content. An unauthenticated, remote attacker can exploit these to inject arbitrary HTML and script code into the user's browser session.

Note that this version of TinyBrowser may be affected by several other vulnerabilities that allow an unauthenticated user to view, upload, delete, and rename files and folders on the affected host, or to launch cross-site request forgery attacks using the application.
However, Nessus has not checked for these.

Solution

It could not be determined if TinyBrowser is used in a standalone configuration. If used with Joomla! 1.5.12, upgrade to Joomla! version 1.5.13.

See Also

http://www.nessus.org/u?bb00c05f

https://seclists.org/fulldisclosure/2009/Jul/462

https://seclists.org/fulldisclosure/2009/Jul/464

Plugin Details

Severity: Medium

ID: 40493

File Name: tinybrowser_multiple_xss.nasl

Version: 1.21

Type: remote

Published: 8/5/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/a:joomla:joomla%5c%21

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 7/22/2009

Vulnerability Publication Date: 7/27/2009

Reference Information

BID: 35855

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

SECUNIA: 36031