Summary
This host has the Joomla! component SMF installed and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available.
For updates refer to http://www.joomla.org
Insight
The flaw is due to insufficient validation of the 'itemid' HTTP GET parameter passed to the 'index.php' script.
Affected
SMF Component for Joomla
Detection
Send crafted data via an HTTP GET request and check whether it is possible to read a given string.
References
Updated on 2017-03-28
Severity
Classification
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Related Vulnerabilities
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Apache ActiveMQ Source Code Information Disclosure Vulnerability
- aeNovo Database Content Disclosure Vulnerability