- Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel.
- A XSS vulnerability exists in the JA_Purity template which ships with Joomla! 1.5.
- A XSS vulnerability exists in the user view of com_users in the administrator panel.
-
[20090603] - Core - Frontend XSS
Posted: Wed, 03 Jun 2009 05:56:53 +0000
- Project: Joomla!
- SubProject: Site client
- Severity: Low
- Versions: 1.5.10 and all previous 1.5 releases
- Exploit type: XSS
- Reported Date: 2009-May-05
- Fixed Date: 2009-June-02
Description
Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel.
Affected Installs
All 1.5.x installs prior to and including 1.5.10 are affected.
Solution
Upgrade to latest Joomla! version (1.5.11 or newer).
-
[20090602] - Core - ja_purity XSS
Posted: Wed, 03 Jun 2009 05:56:42 +0000
- Project: Joomla!
- SubProject: ja_purity
- Severity: Moderate
- Versions: 1.5.10 and all previous 1.5 releases
- Exploit type: XSS
- Reported Date: 2009-April-06
- Fixed Date: 2009-June-02
Description
A XSS vulnerability exists in the JA_Purity template which ships with Joomla! 1.5.
Affected Installs
All 1.5.x installs prior to and including 1.5.10 are affected.
Solution
Upgrade to latest Joomla! version (1.5.11 or newer).
-
[20090601] - Core - com_users XSS
Posted: Wed, 03 Jun 2009 05:56:25 +0000
- Project: Joomla!
- SubProject: com_users
- Severity: Moderate
- Versions: 1.5.10 and all previous 1.5 releases
- Exploit type: XSS
- Reported Date: 2009-April-30
- Fixed Date: 2009-June-02
Description
A XSS vulnerability exists in the user view of com_users in the administrator panel.
Affected Installs
All 1.5.x installs prior to and including 1.5.10 are affected.
Solution
Upgrade to latest Joomla! version (1.5.11 or newer).
