Access Control: Joomla Solidres 2.13.3 - Cross-Site Scripting¶

Identifier: joomla_solidres_xss

Scanner(s) Support¶

Description¶

Joomla extension for Solidres is vulnerable to cross-site scripting in the GET parameter 'show', allowing attackers to execute arbitrary scripts.

How we test: We test for XSS vulnerabilities in Joomla Solidres by injecting malicious payloads into the show parameter and analyzing responses to detect if scripts are executed in the browser.

Reference:

• https://www.exploit-db.com/exploits/51638
• https://cxsecurity.com/issue/WLB-2023070080
• https://cyberlegion.io/joomla-solidres-2-13-3-cross-site-scripting/

Configuration¶

Example¶

Example configuration:

---
security_tests:
  joomla_solidres_xss:
    skip: false

Reference¶

skip¶

Type : boolean

Skip the test if true.