FreeBSD : Joomla! -- XXS and DDoS vulnerabilities (57df803e-af34-11e2-8d62-6cf0490a8c18)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The JSST and the Joomla! Security Center report :

[20130405] - Core - XSS Vulnerability: Inadequate filtering leads to XSS vulnerability in Voting plugin.
[20130403] - Core - XSS Vulnerability: Inadequate filtering allows possibility of XSS exploit in some circumstances.
[20130402] - Core - Information Disclosure: Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.
[20130404] - Core - XSS Vulnerability: Use of old version of Flash-based file uploader leads to XSS vulnerability.
[20130401] - Core - Privilege Escalation: Inadequate permission checking allows unauthorised user to delete private messages.
[20130406] - Core - DOS Vulnerability: Object unserialize method leads to possible denial of service vulnerability.
[20130407] - Core - XSS Vulnerability: Inadequate filtering leads to XSS vulnerability in highlighter plugin.

See also :

http://www.nessus.org/u?5c1c7598
http://www.nessus.org/u?ef6cec3a

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.5
(CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 66250

Bugtraq ID:

CVE ID: CVE-2013-3056
CVE-2013-3057
CVE-2013-3058
CVE-2013-3059
CVE-2013-3242
CVE-2013-3267
