Summary
This host is running the Joomla Joomseller Event Booking Pro plugin and is prone to a cross-site scripting (XSS) vulnerability.
Impact
Successful exploitation will allow a remote attacker to execute arbitrary HTML or script code and/or disclose sensitive information, resulting in loss of confidentiality.
Solution
Upgrade to JSE Event version 1.0.3.
For updates, refer to http://joomseller.com/joomla-components/jse-event.html
Insight
Input passed via 'info' parameter to 'mod_eb_v5_mini_calendar/tmpl/tootip.php' is not properly sanitised before being returned to the user.
Affected
Joomla Components com_events_booking_v5 and com_jse_event before 1.0.3
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the cookie or not.
References
Updated on 2017-03-28
Severity
Classification
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N