Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 325601 (CVE-2010-1649) - <www-apps/joomla-1.5.18: arbitrary web script or HTML injection (CVE-2010-1649)
Summary: <www-apps/joomla-1.5.18: arbitrary web script or HTML injection (CVE-2010-1649)
Status: RESOLVED FIXED
Alias: CVE-2010-1649
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
URL: http://developer.joomla.org/security/...
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-25 21:02 UTC by Stefan Behte (RETIRED)
Modified: 2010-06-26 11:55 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-06-25 21:02:54 UTC 
CVE-2010-1649 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1649):
  Multiple cross-site scripting (XSS) vulnerabilities in the back end
  in Joomla! 1.5 through 1.5.17 allow remote attackers to inject
  arbitrary web script or HTML via unknown vectors related to "various
  administrator screens," possibly the search parameter in
  administrator/index.php.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-06-25 21:03:33 UTC 
Can you punt the older version?
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2010-06-25 21:24:53 UTC 
1.5.17 removed.