Mambo task Parameter XSS

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.

Synopsis :

The remote web server hosts a PHP script that is susceptible to a
cross-site scripting attack.

Description :

The version of Mambo installed on the remote host does not sanitize
input to the 'task' parameter of 'index.php' when 'option' is set to
'com_content' before using it to generate dynamic HTML.

An attacker could leverage this issue to inject arbitrary HTML or script
code into a user's browser to be executed within the security context of
the affected site.

Note that this install is likely to be affected by several similar
issues affecting its administrative pages, although Nessus has not
checked for them.

See also :

Solution :

Apply the patch referenced in Mambo Tracker issue #479.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.3
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 55511 ()

Bugtraq ID: 48455


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now