[20100704] – Core – XSS Vulnerabilities in Back End

Posted by Timby in Joomla on 11 30th, 2010 | no responses

Project: Joomla!
SubProject: All
Severity: Medium
Versions: 1.5.19 and all previous 1.5 releases
Exploit type: XSS Injection
Reported Date: 2010-June-1
Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.19 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.20 or later)

Reported by Mesut Timur.

Contact

The JSST at the Joomla! Security Center.

Joomla! Developer Network – Security News

Get Shareaholic

Leave a Reply

Powered by Wordpress | Designed by Elegant Themes