Description
Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by David Sopas Ferreira · text · webapps · php
https://www.exploit-db.com/exploits/23657
References (3)
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9588
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15062
Exploit x_refsource_misc
http://www.systemsecure.org/advisories/ssadvisory06022004.php
Scores
EPSS
0.0052
EPSS Percentile
67.0%
Details
Status
published
Products (1)
mambo/mambo_open_source
4.6
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026