333271 – <=www-apps/joomla-1.5.19: XSS Vulnerabilities in Back End

Bug 333271 - <=www-apps/joomla-1.5.19: XSS Vulnerabilities in Back End

Summary: <=www-apps/joomla-1.5.19: XSS Vulnerabilities in Back End

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:	http://developer.joomla.org/security/...
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2010-08-18 04:25 UTC by Tim Sammut (RETIRED)
Modified:	2010-08-18 15:27 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Sammut (RETIRED) gentoo-dev

2010-08-18 04:25:52 UTC

From $url:

    * Project: Joomla!
    * SubProject: All
    * Severity: Medium
    * Versions: 1.5.19 and all previous 1.5 releases
    * Exploit type: XSS Injection
    * Reported Date: 2010-June-1
    * Fixed Date: 2010-July-15

Description

Back-end user can inject Javascript in various administrator screens.
Affected Installs

All 1.5.x installs prior to and including 1.5.19 are affected.
Solution

Upgrade to the latest Joomla! version (1.5.20 or later)

Reported by Mesut Timur.

Comment 1 Christian Faulhammer (RETIRED) gentoo-dev

2010-08-18 07:48:06 UTC

Bumped.  Give it a day to settle until I remove 1.5.19

Comment 2 Alex Legler (RETIRED) archtester

2010-08-18 15:27:53 UTC

Thanks.