The essential news about content management systems and mobile technology.
Powered by Joocial, XT Search for Algolia, and SlimApps.

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-October-26
  • Fixed Date: 2013-November-06
  • CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact.

Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.15, 3.1.6 or 3.2.

Contact

The JSST at the Joomla! Security Center....

Reported By: Osanda Malith

Read more

  • Project: Joomla!
  • SubProject: All
  • Severity: Critical
  • Versions: 2.5.13 and earlier 2.5.x versions. 3.1.4 and earlier 3.0.x versions.
  • Exploit type: Unauthorised Uploads
  • Reported Date: 2013-June-25
  • Fixed Date: 2013-July-31
  • CVE Number: Pending

Description

Inadequate filtering leads to the ability to bypass file type upload restrictions.

Affected Installs

Joomla!

...

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: Privilege Escalation
  • Reported Date: 2013-March-29
  • Fixed Date: 2013-April-24
  • CVE Number: CVE-2013-3056

Description

Inadequate permission checking allows unauthorised user to delete private messages.

Affected Installs

Joomla

...

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-April-17
  • Fixed Date: 2013-April-24
  • CVE Number: CVE-2013-3267

Description

Inadequate filtering leads to XSS vulnerability in highlighter plugin.

Affected Installs

Joomla! version 2.5.9

...

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-March-9
  • Fixed Date: 2013-April-24
  • CVE Number: CVE-2013-3058

Description

Inadequate filtering allows possibility of XSS exploit in some circumstances.

Affected Installs

Joomla!

...