Security
-
[20130407] - Core - XSS Vulnerability
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-April-17
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3267
Description
Inadequate filtering leads to XSS vulnerability in highlighter plugin.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
Reported By: Vertical Pigeon -
[20130401] - Core - Privilege Escalation
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Privilege Escalation
- Reported Date: 2013-March-29
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3056
Description
Inadequate permission checking allows unauthorised user to delete private messages.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
Reported By: Francois Gauthier -
[20130403] - Core - XSS Vulnerability
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-March-9
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3058
Description
Inadequate filtering allows possibility of XSS exploit in some circumstances.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
Reported By: James Kettle -
[20130405] - Core - XSS Vulnerability
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-February-26
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3059
Description
Inadequate filtering leads to XSS vulnerability in Voting plugin.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
Reported By: Yannick Gaultier and Jeff Channell -
[20130402] - Core - Information Disclosure
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Information Disclosure
- Reported Date: 2013-March-29
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3057
Description
Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
Reported By: Francois Gauthier
Main Menu
Video Feature
Latest Interviews
Podolski: We're contenders for gold
Any player whose presence at the first training session of a new season prompts a turn-out in excess.
Read more...
Ronaldo: Don't count us out
On the eve of his country’s South Africa 2010 bow, Portugal’s captain is quietly confident.
Read more...
Drogba: I'm afraid of nothing
His country's captain and primary source of goals, Didier Drogba has already won his first battle.
Read more...