CVE-2007-6455 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6455): Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
Web-apps, please advise.
4.6.3 does not fix this.
Are you certain that 4.6.3 is still vulnerable to this? I tried to reproduce the problem but was unable to confirm the XSS with 4.6.3. Looking at the code gave me the impression that both "option" and "Itemid" are properly sanitized in 4.6.3. This was just a quick glimpse so I'm not 100% certain, but I thought I'd ask for a reference that identifies this problem as being unsolved before going deeper.
I did not independently research this, but Secunia updated their advisory available here: http://secunia.com/advisories/28133 ChangeLog states: 2007-12-27: Updated "Description" section to include version 4.6.3 as vulnerable. I'll contact them.
Okay, then I'm probably wrong and it still exists. I only checked the URLs given in http://www.securityfocus.com/archive/1/archive/1/485257/100/0/threaded but I used Firefox for that. I did not see the Secunia information. Can somebody else check this with Internet Explorer 6?
Secunia confirmed the vulnerabilities still exist when using Konqueror for example. I don't have a Mambo installation ready to test.
this may be subject to security mask too, CVE history is just too long to not mask this ... bug 211166
It's up to the web-apps whether to mask this one.
this is basically the same codebase as joomla, so the same procedure applies .. masked
"more issues with mambo" : http://secunia.com/advisories/30685/ this is CVE-2008-2905, no fix available atm.
(In reply to comment #9)
> this is basically the same codebase as joomla, so the same procedure applies ..
> masked
>
Mambo 4.6.x is quite different to Joomla 1.0.x and has had very few vulnerabilities. CVE-2007-6455 was not able to be reproduced in Mambo 4.6.3 however further hardening was done with Mambo 4.6.4. CVE-2008-2905 was reported by Mambo when it was discovered and Mambo 4.6.5 released almost immediately. Currently, there are multiple new reports of vulnerabilities in Mambo 4.6.2 possibly due to people not reading the news announcements on sourceforge. New releases of Mambo are made on the Mambo forge at http://mambo-code.org
There have been no updates to Mambo in more than two years. Maybe we should treeclean it.
PLEASE!
removed