Always Sunny in Los Angeles!

[20100704] - Core - XSS Vulnerabillitis in Back End

Posted: 15 Jul 2010 09:04 AM PDT

• Project: Joomla!
• SubProject: All
• Severity: Medium
• Versions: 1.5.18 and all previous 1.5 releases
• Exploit type: XSS Injection
• Reported Date: 2010-June-1
• Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.18 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.18 or later)

Reported by oCERT.

 

[20100703] - Core - XSS Vulnerabillitis in Back End

Posted: 15 Jul 2010 09:04 AM PDT

• Project: Joomla!
• SubProject: All
• Severity: Medium
• Versions: 1.5.18 and all previous 1.5 releases
• Exploit type: XSS Injection
• Reported Date: 2010-June-8
• Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.18 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.18 or later)

Reported by José Antonio Vázquez González

[20100702] - Core - XSS Vulnerabillitis in Back End

Posted: 15 Jul 2010 09:04 AM PDT

• Project: Joomla!
• SubProject: All
• Severity: Medium
• Versions: 1.5.18 and all previous 1.5 releases
• Exploit type: XSS Injection
• Reported Date: 2010-June-8
• Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.18 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.18 or later)

Reported by José Antonio Vázquez González

[20100701] - Core - SQL Injection / Internal Path Exposure

Posted: 15 Jul 2010 09:04 AM PDT