Bug 266309 (CVE-2009-1279) - <=www-apps/joomla-1.5.9 web script/HTML injection (CVE-2009-{1279,1280})
Status: RESOLVED FIXED
Alias: CVE-2009-1279
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://developer.joomla.org/security/...
Whiteboard: ~3 [noglsa]
Duplicates: 265852
Reported: 2009-04-15 21:51 UTC by Stefan Behte (RETIRED)
Modified: 2009-07-01 16:27 UTC

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-04-15 21:51:25 UTC
CVE-2009-1279 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1279):
  Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5
  through 1.5.9 allow remote attackers to inject arbitrary web script
  or HTML via unspecified vectors to the (1) com_admin component, (2)
  com_search component when "Gather Search Statistics" is enabled, and
  (3) the category view in the com_content component.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-04-15 21:52:04 UTC
CVE-2009-1280 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1280):
  Multiple cross-site request forgery (CSRF) vulnerabilities in the
  com_media component for Joomla! 1.5.x through 1.5.9 allow remote
  attackers to hijack the authentication of unspecified victims via
  unknown vectors.

Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-04-19 16:28:22 UTC
*** Bug 265852 has been marked as a duplicate of this bug. ***
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2009-07-01 16:27:53 UTC
Joomla is masked and has been bumped to 1.5.12