321917 – <www-apps/joomla-1.5.18 : XSS Vulnerabilities in Back End

Bug 321917 - <www-apps/joomla-1.5.18 : XSS Vulnerabilities in Back End

Summary: <www-apps/joomla-1.5.18 : XSS Vulnerabilities in Back End

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2010-05-28 21:45 UTC by Olivier Huber
Modified:	2010-06-03 12:48 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
ebuild patch (joomla-1.5.18.diff,544 bytes, patch) 2010-05-28 21:47 UTC, Olivier Huber	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Olivier Huber 2010-05-28 21:45:54 UTC

Description :
Back-end user can inject javascript in various administrator screens.

source : http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html

Joomla 1.5.18 works fine on my websites.

Christian : can you please bump joomla in the tree, thank you.

Comment 1 Olivier Huber 2010-05-28 21:47:34 UTC

Created attachment 233327 [details, diff]
ebuild patch

Comment 2 Christian Faulhammer (RETIRED) gentoo-dev

2010-06-02 09:16:37 UTC

I am still not operational...security team, please.

Comment 3 Christian Faulhammer (RETIRED) gentoo-dev

2010-06-03 08:59:18 UTC

1.5.18 works great, bump from Olivier is straight-forward and ok

Comment 4 Tobias Heinlein (RETIRED) gentoo-dev

2010-06-03 12:48:33 UTC

Thanks, committed. ~arch only → [noglsa].