ID JOOMLA-824
Type joomla
Reporter Open Source Matters, Inc.
Modified 2020-08-25T00:00:00
Description
Lack of escaping in mod_latestactions allows XSS attacks.
{"id": "JOOMLA-824", "bulletinFamily": "software", "title": "[20200801] - Core - XSS in mod_latestactions", "description": "Lack of escaping in mod_latestactions allows XSS attacks.\n", "published": "2020-08-25T00:00:00", "modified": "2020-08-25T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://developer.joomla.org/security-centre/824-20200801-core-xss-in-mod-latestactions.html?highlight=WyJleHBsb2l0Il0=", "reporter": "Open Source Matters, Inc.", "references": [], "cvelist": ["CVE-2020-24599"], "type": "joomla", "lastseen": "2020-12-24T13:21:37", "edition": 3, "viewCount": 20, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-24599"]}, {"type": "nessus", "idList": ["JOOMLA_3921.NASL"]}], "modified": "2020-12-24T13:21:37", "rev": 2}, "score": {"value": 4.2, "vector": "NONE", "modified": "2020-12-24T13:21:37", "rev": 2}, "vulnersScore": 4.2}, "affectedSoftware": [{"name": "joomla! cms", "operator": "lt", "version": "3.9.21"}], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T22:03:10", "description": "An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-08-26T22:15:00", "title": "CVE-2020-24599", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24599"], "modified": "2020-08-28T16:06:00", "cpe": [], "id": "CVE-2020-24599", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24599", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "nessus": [{"lastseen": "2020-12-05T11:21:20", "description": "According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to\n3.9.21. It is, therefore, affected by multiple vulnerabilities.\n\n - Lack of escaping in mod_latestactions allows XSS attacks. (CVE-2020-24599)\n\n - Lack of input validation in com_content leads to an open redirect. (CVE-2020-24598)\n\n - Lack of input validation allows com_media root paths outside of the webroot. (CVE-2020-24597)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 5, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-08-27T00:00:00", "title": "Joomla 2.5.x < 3.9.21 Multiple Vulnerabilities (5821-joomla-3-9-21)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-24598", "CVE-2020-24597", "CVE-2020-24599"], "modified": "2020-08-27T00:00:00", "cpe": ["cpe:/a:joomla:joomla\\!"], "id": "JOOMLA_3921.NASL", "href": "https://www.tenable.com/plugins/nessus/139875", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139875);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/04\");\n\n script_cve_id(\"CVE-2020-24597\", \"CVE-2020-24598\", \"CVE-2020-24599\");\n script_xref(name:\"IAVA\", value:\"2020-A-0393-S\");\n\n script_name(english:\"Joomla 2.5.x < 3.9.21 Multiple Vulnerabilities (5821-joomla-3-9-21)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A PHP application running on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to\n3.9.21. It is, therefore, affected by multiple vulnerabilities.\n\n - Lack of escaping in mod_latestactions allows XSS attacks. (CVE-2020-24599)\n\n - Lack of input validation in com_content leads to an open redirect. (CVE-2020-24598)\n\n - Lack of input validation allows com_media root paths outside of the webroot. (CVE-2020-24597)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.joomla.org/announcements/release-news/5821-joomla-3-9-21.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?01923827\");\n # https://developer.joomla.org/security-centre/824-20200801-core-xss-in-mod-latestactions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf8b067d\");\n # https://developer.joomla.org/security-centre/825-20200802-core-open-redirect-in-com-content-vote-feature.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf9882d4\");\n # https://developer.joomla.org/security-centre/827-20200803-core-directory-traversal-in-com-media.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?592f5c43\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Joomla! version 3.9.21 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-24598\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/27\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:joomla:joomla\\!\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"joomla_detect.nasl\");\n script_require_keys(\"installed_sw/Joomla!\", \"www/PHP\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\napp_info = vcf::get_app_info(app:'Joomla!', port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { 'min_version' : '2.5.0', 'max_version' : '3.9.20', 'fixed_version' : '3.9.21' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xss:TRUE});\n\n\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}]}
