Detections
Analytics
FreeBSD : Joomla! -- XXS and DDoS vulnerabilities (57df803e-af34-11e2-8d62-6cf0490a8c18)
medium Nessus Plugin ID 66250
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
The JSST and the Joomla! Security Center report : [20130405] - Core - XSS Vulnerability Inadequate filtering leads to XSS vulnerability in Voting plugin. [20130403] - Core - XSS Vulnerability Inadequate filtering allows possibility of XSS exploit in some circumstances.[20130402] - Core - Information Disclosure Inadequate permission checking allows unauthorised user to see permission settings in some circumstances. [20130404] - Core - XSS Vulnerability Use of old version of Flash-based file uploader leads to XSS vulnerability.
[20130401] - Core - Privilege Escalation Inadequate permission checking allows unauthorised user to delete private messages.
[20130406] - Core - DOS Vulnerability Object unserialize method leads to possible denial of service vulnerability. [20130407] - Core - XSS Vulnerability Inadequate filtering leads to XSS vulnerability in highlighter plugin
Solution
Update the affected package.See Also
Plugin Details
Severity: Medium
ID: 66250
File Name: freebsd_pkg_57df803eaf3411e28d626cf0490a8c18.nasl
Version: 1.9
Type: local
Family: FreeBSD Local Security Checks
Published: 4/29/2013
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: Medium
Base Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:joomla, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 4/27/2013
Vulnerability Publication Date: 4/24/2013
Reference Information
CVE: CVE-2013-3056, CVE-2013-3057, CVE-2013-3058, CVE-2013-3059, CVE-2013-3242, CVE-2013-3267