Lucene search

[email protected]CVE-2013-5951

HistoryMar 25, 2014 - 4:55 p.m.

CVE-2013-5951

2014-03-2516:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-5951

xss

extplorer 2.1.3

joomla! security

web script injection

html injection

path_info vulnerability

5.5 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_move.php, (4) functions.php, (5) header.php, or (6) upload.php in include/.

CPENameOperatorVersion
extplorer:extplorerextplorereq2.1.3

CPE	Name	Operator	Version
extplorer:extplorer	extplorer	eq	2.1.3

References

archives.neohapsis.com/archives/fulldisclosure/2014-03/0273.html

secunia.com/advisories/57387

secunia.com/advisories/57482

www.debian.org/security/2014/dsa-2882

www.securityfocus.com/bid/66262

5.5 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for CVE-2013-5951

nessus1 ubuntucve1 osv1 securityvulns2 openvas2 debian2 packetstorm1 prion1 seebug1