Title: Mambo Multiple Unspecified Cross Site Scripting Vulnerabilities and Unspecified Vulnerability
Severity: MODERATE
Description:
Mambo is a PHP-based content manager.
Mambo is prone to multiple remote vulnerabilities:
- An unspecified vulnerability occurs in the template chooser functionality.
- Multiple unspecified cross-site scripting vulnerabilities affecting unknown parameters. To exploit these vulnerabilities, an attacker must have valid administrator credentials.
The attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Very little information is known about the unspecified vulnerability; we will update this BID as soon as more information becomes available.
Versions prior to Mambo 4.6.3 are vulnerable.
Affected Products:
- Mambo Mambo Open Source 4.0.14
- Mambo Mambo Open Source 4.5.0 (1.0.0)
- Mambo Mambo Open Source 4.5.0 (1.0.1)
- Mambo Mambo Open Source 4.5.0 (1.0.2)
- Mambo Mambo Open Source 4.5.0 (1.0.3)
- Mambo Mambo Open Source 4.5.0 (1.0.3beta)
- Mambo Mambo Open Source 4.5.1
- Mambo Mambo Open Source 4.5.1 (1.0.9)
- Mambo Mambo Open Source 4.5.1 Beta
- Mambo Mambo Open Source 4.5.1 Beta 2
- Mambo Mambo Open Source 4.5.2
- Mambo Mambo Open Source 4.5.2 .1
- Mambo Mambo Open Source 4.5.2 .2
- Mambo Mambo Open Source 4.5.2 .3
- Mambo Mambo Open Source 4.5.3
- Mambo Mambo Open Source 4.5.3h
- Mambo Mambo Open Source 4.5.4
- Mambo Mambo Open Source 4.5.4 SP3
- Mambo Mambo Open Source 4.5.5
- Mambo Mambo Open Source 4.6.0
- Mambo Mambo Open Source 4.6.0 rc1
- Mambo Mambo Open Source 4.6.0 rc2
- Mambo Mambo Open Source 4.6.0CVS
- Mambo Mambo Open Source 4.6.1
- Mambo Mambo Open Source 4.6.1
- Mambo Mambo Open Source 4.6.2
- Mambo Mambo Site Server 3.7.0
References:
- Mambo: Mambo 4.6.3 Released!
- Mambo: Mambo Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
