Joomla! Developer Network™

Download
Launch

Security Announcements

[20111101] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: All
  • Severity: Medium
  • Versions: 1.7.2 and all 1.6.x versions
  • Exploit type: XSS
  • Reported Date: 2011-October-21
  • Fixed Date: 2011-November-14

Description

Inadequate filtering leads to XSS vulnerability in back end.

Affected Installs

Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions

Solution

Upgrade to the latest Joomla! version (1.7.3 or later)

Contact

The JSST at the Joomla! Security Centre.

Reported By: Corné Hannema