PT-2002-2386 · Mambo · Mambo Site Server

Published: 2002-12-31 · Updated: 2017-07-11 · CVE-2002-1662

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Mambo Site Server version 4.0.11

Description: Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to execute arbitrary scripts on other clients. The vulnerabilities can be exploited via the "search.php" API endpoint and the "Your name" field during account registration.

Recommendations: For Mambo Site Server version 4.0.11, consider disabling the search functionality in "search.php" and restricting input in the "Your name" field during account registration to minimize the risk of exploitation.

Related Identifiers

CVE-2002-1662

Affected Products

Mambo Site Server