------------------------------------------------------------------------------------------------
# Joomla

$ python jscanner.py analyze -u targetsite.com
JScanner 1.3.0 - What's under the hood?
Copyright (C) 2016-2020 FabbricaBinaria - Davide Tampellini
===============================================================================
JScanner is Free Software, distributed under the terms of the GNU General
Public License version 3 or, at your option, any later version.
This program comes with ABSOLUTELY NO WARRANTY as per sections 15 & 16 of the
license. See http://www.gnu.org/licenses/gpl-3.0.html for details.
===============================================================================
[*] Checking if URL http://targetsite.com is online
[+] Site http://targetsite.com seems online
[*] Analyzing site http://targetsite.com
[*] Trying to get the exact version from the XML file...
[+] Detected Joomla! version(s): 3.6.3
[+] Found the following vulnerabilities:

[20161002] - Core - Elevated Privileges
Incorrect use of unfiltered data allows for users to register on a site with elevated privileges.
Severity: high
CVE: CVE-2016-8869

[20161203] - Core - Information Disclosure
Inadequate ACL checks in the Beez3 com_content article layout override enables a user to view restricted content.
Severity: low
CVE: CVE-2016-9837

[20170402] - Core - XSS Vulnerability
Inadequate filtering leads to XSS in the template manager component.
Severity: low
CVE: CVE-2017-7984

[20170403] - Core - XSS Vulnerability
Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
Severity: low
CVE: CVE-2017-7985

[20170401] - Core - Information Disclosure
Mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
Severity: low
CVE: CVE-2017-7983

[20170406] - Core - ACL Violations
Inadequate filtering of form contents lead allow to overwrite the author of an article.
Severity: low
CVE: CVE-2017-7988

[20170407] - Core - ACL Violations
Inadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
Severity: low
CVE: CVE-2017-7989

[20170404] - Core - XSS Vulnerability
Inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
Severity: low
CVE: CVE-2017-7986

[20170405] - Core - XSS Vulnerability
Inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
Severity: low
CVE: CVE-2017-7987

[20170408] - Core - Information Disclosure
Multiple files caused full path disclosures on systems with enabled error reporting.
Severity: low
CVE: CVE-2017-8057

[20170703] - Core - XSS Vulnerability
Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
Severity: low
CVE: CVE-2017-7985

[20161202] - Core - Shell Upload
Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.
Severity: low
CVE: CVE-2016-9836

[20161201] - Core - Elevated Privileges
Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.
Severity: high
CVE: CVE-2016-9838

[20161003] - Core - Account Modifications
Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.
Severity: high
CVE: CVE-2016-9081

[20161001] - Core - Account Creation
Inadequate checks allows for users to register on a site when registration has been disabled.
Severity: high
CVE: CVE-2016-8870