FreeBSD : Joomla! -- XXS and DDoS vulnerabilities (57df803e-af34-11e2-8d62-6cf0490a8c18)

medium Nessus Plugin ID 66250

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The JSST and the Joomla! Security Center report:

[20130405] - Core - XSS Vulnerability: Inadequate filtering leads to XSS vulnerability in Voting plugin.

[20130403] - Core - XSS Vulnerability: Inadequate filtering allows possibility of XSS exploit in some circumstances.

[20130402] - Core - Information Disclosure: Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.

[20130404] - Core - XSS Vulnerability: Use of old version of Flash-based file uploader leads to XSS vulnerability.

[20130401] - Core - Privilege Escalation: Inadequate permission checking allows unauthorised user to delete private messages.

[20130406] - Core - DOS Vulnerability: Object unserialize method leads to possible denial of service vulnerability.

[20130407] - Core - XSS Vulnerability: Inadequate filtering leads to XSS vulnerability in highlighter plugin.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?ebdd534a

http://www.nessus.org/u?61d02679

Plugin Details

Severity: Medium

ID: 66250

File Name: freebsd_pkg_57df803eaf3411e28d626cf0490a8c18.nasl

Version: 1.9

Type: local

Published: 4/29/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:joomla, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/27/2013

Vulnerability Publication Date: 4/24/2013

Reference Information

CVE: CVE-2013-3056, CVE-2013-3057, CVE-2013-3058, CVE-2013-3059, CVE-2013-3242, CVE-2013-3267