
Bug 325601 (CVE-2010-1649)

Summary: <www-apps/joomla-1.5.18: arbitrary web script or HTML injection (CVE-2010-1649)
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: fauli, oli.huber, web-apps
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-06-25 21:02:54 UTC
CVE-2010-1649 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1649):
  Multiple cross-site scripting (XSS) vulnerabilities in the back end
  in Joomla! 1.5 through 1.5.17 allow remote attackers to inject
  arbitrary web script or HTML via unknown vectors related to "various
  administrator screens," possibly the search parameter in
  administrator/index.php.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-06-25 21:03:33 UTC
Can you punt the older version?
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2010-06-25 21:24:53 UTC
1.5.17 removed.