Joomla Component Youtube Gallery Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with Joomla! component youtube gallery and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site and launch other attacks. Impact Level: Application

Solution

Upgrade to Joomla Youtube Gallery version 3.8.4 or later. For updates refer to http://www.joomlaboat.com/youtube-gallery

Insight

The flaw is due to insufficient validation of 'videofile' HTTP GET parameter passed to '/includes/flvthumbnail.php' script.

Affected

Joomla Youtube Gallery version 3.4.0 and probably other versions.

Detection

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

References

http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2014/Mar/264
http://www.osvdb.com/104546

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-5956

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Advanced Image Hosting Cross Site Scripting Vulnerability
Apache Tomcat Directory Listing and File disclosure
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
An Image Gallery Multiple Cross-Site Scripting Vulnerability

Take action and discover your vulnerabilities