CVE-2013-5951
Joomla eXtplorer 2.1.3 Cross Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_move.php, (4) functions.php, (5) header.php, or (6) upload.php in include/.
MĂșltiples vulnerabilidades de XSS en eXtplorer 2.1.3, cuando se utiliza como componente para Joomla!, permiten a atacantes remotos inyectar script Web o HTML arbitrarios a travĂ©s del PATH_INFO hacia (1) application.js.php en scripts/ o (2) admin.php, (3) copy_move.php, (4) functions.php, (5) header.php o (6) upload.php en include/.
Joomla eXtplorer component version 2.1.3 suffers from a cross site scripting vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-09-27 CVE Reserved
- 2014-03-15 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/66262 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2014-03/0273.html | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/57387 | 2016-12-31 | |
| http://secunia.com/advisories/57482 | 2016-12-31 | |
| http://www.debian.org/security/2014/dsa-2882 | 2016-12-31 |