040 Hosting Blog » Joomla: XSS Injection patch upgrade to 1.5.18 or later

Joomla: XSS Injection patch upgrade to 1.5.18 or later

[20100501] – Core – XSS Vulnerabilities in Back End

Posted: 27 May 2010 05:00 PM PDT

Project: Joomla!
SubProject: All
Severity: High
Versions: 1.5.17 and all previous 1.5 releases
Exploit type: XSS Injection
Reported Date: 2010-May-13
Fixed Date: 2010-May-28

Description

Back-end user can inject javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.17 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.18 or later)

Reported by Riyaz Ahemed

Contact

The JSST at the Joomla! Security Center.

Filed under: Security, Software, Updates by patrick

Search for:
Quick find
Follow @Twitter
Keep up to date

Your email:
Royalty Free Images
May 2010

M T W T F S S

« Apr Jun »

1 2

3 4 5 6 7 8 9

10 11 12 13 14 15 16

17 18 19 20 21 22 23

24 25 26 27 28 29 30

31
For Sale
Links
Recent Articles
Categories
- Blogroll (1)
- Business (75)
- Cpanel (19)
- cPanel Upgrade (8)
- Dedicated (36)
  - Asia (3)
  - Europe (19)
  - Managed (14)
  - Unmanaged (17)
  - USA (22)
    - Dallas (13)
    - New Jersey (3)
    - Seattle (6)
    - St. Louis (6)
    - Washington DC (6)
- Dedicated Servers (15)
- Free Tools (4)
- General (98)
- Howto (5)
- Internet (25)
- ksplice (1)
- Maintenance (46)
- Nederlands (29)
  - TLD nieuws (24)
- Outage (28)
  - Client Portal (1)
  - Mail (2)
  - Network (8)
- Q&A (1)
- Sales (33)
- Security (45)
- Software (72)
  - Updates (68)
    - Fantastico (35)
    - Installatron (2)
    - Softaculous (2)
- Special Deals (30)
- TLD news (42)
- Website of the week (6)
The Reading Table
- About
- Contact
- Services
Ethics and Us