CVE-2013-5951 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3 when used as a component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php (3) copy_move.php (4) functions.php (5) header.php or (6) upload.php in include/.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2014-03/0273.html http://secunia.com/advisories/57387 http://secunia.com/advisories/57482 http://www.debian.org/security/2014/dsa-2882 http://www.securityfocus.com/bid/66262