Joomla! Security News


  • [20130407] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
    • Exploit type: XSS Vulnerability
    • Reported Date: 2013-April-17
    • Fixed Date: 2013-April-24
    • CVE Number: CVE-2013-3267

    Description

    Inadequate filtering leads to an XSS vulnerability in the highlighter plugin.

    Affected Installs

    Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

    Solution

    Upgrade to version 2.5.10, 3.1.0 or 3.0.4.

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Vertical Pigeon


  • [20130401] - Core - Privilege Escalation
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
    • Exploit type: Privilege Escalation
    • Reported Date: 2013-March-29
    • Fixed Date: 2013-April-24
    • CVE Number: CVE-2013-3056

    Description

    Inadequate permission checking allows an unauthorised user to delete private messages.

    Affected Installs

    Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

    Solution

    Upgrade to version 2.5.10, 3.1.0 or 3.0.4.

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Francois Gauthier


  • [20130403] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: All
    • Severity: Moderate
    • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
    • Exploit type: XSS Vulnerability
    • Reported Date: 2013-March-9
    • Fixed Date: 2013-April-24
    • CVE Number: CVE-2013-3058

    Description

    Inadequate filtering allows the possibility of an XSS exploit in some circumstances.

    Affected Installs

    Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

    Solution

    Upgrade to version 2.5.10, 3.1.0 or 3.0.4.

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: James Kettle


  • [20130405] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
    • Exploit type: XSS Vulnerability
    • Reported Date: 2013-February-26
    • Fixed Date: 2013-April-24
    • CVE Number: CVE-2013-3059

    Description

    Inadequate filtering leads to an XSS vulnerability in the Voting plugin.

    Affected Installs

    Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

    Solution

    Upgrade to version 2.5.10, 3.1.0 or 3.0.4.

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Yannick Gaultier and Jeff Channell


  • [20130402] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
    • Exploit type: Information Disclosure
    • Reported Date: 2013-March-29
    • Fixed Date: 2013-April-24
    • CVE Number: CVE-2013-3057

    Description

    Inadequate permission checking allows an unauthorised user to see permission settings in some circumstances.

    Affected Installs

    Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

    Solution

    Upgrade to version 2.5.10, 3.1.0 or 3.0.4.

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Francois Gauthier


Copyright © 2013 JavaPgmr.net. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.