Bug 273921 (CVE-2009-1938) - <www-apps/joomla-1.5.10 XSS (CVE-2009-{1938,1939,1940})
Summary: <www-apps/joomla-1.5.10 XSS (CVE-2009-{1938,1939,1940})
Status: RESOLVED FIXED
Alias: CVE-2009-1938
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://developer.joomla.org/security/...
Whiteboard: ~3 [noglsa]
Reported: 2009-06-12 21:08 UTC by Stefan Behte (RETIRED)
Modified: 2009-07-01 16:27 UTC

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-06-12 21:08:25 UTC
CVE-2009-1938 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1938):
  Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through
  1.5.10 allows remote attackers to inject arbitrary web script or HTML
  via unspecified vectors related to database output and the frontend
  administrative panel.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-06-12 21:09:21 UTC
No hurry here, it's hardmasked...
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-06-12 21:15:12 UTC
CVE-2009-1939 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1939):
  Cross-site scripting (XSS) vulnerability in the JA_Purity template
  for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject
  arbitrary web script or HTML via unspecified vectors.

CVE-2009-1940 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1940):
  Cross-site scripting (XSS) vulnerability in the administrator panel
  in the com_users core component for Joomla! 1.5.x through 1.5.10
  allows remote attackers to inject arbitrary web script or HTML via
  unspecified vectors.

Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2009-07-01 16:27:48 UTC
Joomla is masked and has been bumped to 1.5.12

1.5.12 and 1.5.11 fixed a lot of issues...do you want a bug for that?