Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • zizozoro Friend
    #169001

    [20110903] – Core – Information Disclosure

    Posted: 26 Sep 2011 01:59 PM PDT

    Project: Joomla!
    SubProject: All
    Severity: Low
    Versions: 1.7.0
    Exploit type: Information Disclosure
    Reported Date: 2011-September-23
    Fixed Date: 2011-September-26

    Description

    Inadequate error checking causes information disclosure.
    Affected Installs

    Joomla! version 1.7.0
    Solution

    Upgrade to the latest Joomla! version (1.7.1 or later)

    Reported by National Vulnerability Database
    Contact

    The JSST at the Joomla! Security Center.

    [20110901] – Core – XSS Vulnerability

    Posted: 22 Sep 2011 07:33 PM PDT

    Project: Joomla!
    SubProject: All
    Severity: Medium
    Versions: 17.0 and all 1.6.x versions
    Exploit type: XSS
    Reported Date: 2011-August-02
    Fixed Date: 2011-September-22

    Description

    Inadequate escaping leads to XSS vulnerability in com_search.
    Affected Installs

    Joomla! version 1.7.0 and all 1.6.x versions
    Solution

    Upgrade to the latest Joomla! version (1.7.1 or later)

    Reported by Aung Khant
    Contact

    The JSST at the Joomla! Security Center.

    [20110902] – Core – XSS Vulnerability

    Posted: 22 Sep 2011 07:33 PM PDT

    Project: Joomla!
    SubProject: All
    Severity: Medium
    Versions: 17.0 and all 1.6.x versions
    Exploit type: XSS
    Reported Date: 2011-August-02
    Fixed Date: 2011-September-22

    Description

    Inadequate escaping leads to XSS vulnerability in back end.
    Affected Installs

    Joomla! version 1.7.0 and all 1.6.x versions
    Solution

    Upgrade to the latest Joomla! version (1.7.1 or later)

    Reported by Aung Khant
    Contact

    The JSST at the Joomla! Security Center.

    jneubauer Friend
    #415261

    This is something that we in the Bug Squad have already dealt with, and has already been fixed in Joomla! 1.7.1
    If you are running a 1.7.0 site (the only version that has this vulnerability), all you have to do is use the update manager to move up to 1.7.1.

Viewing 2 posts - 1 through 2 (of 2 total)

This topic contains 2 replies, has 2 voices, and was last updated by  jneubauer 13 years, 1 month ago.

We moved to new unified forum. Please post all new support queries in our New Forum