Joomla! Developer Network

Download Joomla
Demo Joomla

[20130405] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-February-26
  • Fixed Date: 2013-April-24
  • CVE Number: CVE-2013-3059

Description

Inadequate filtering leads to XSS vulnerability in Voting plugin.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

Reported By: Yannick Gaultier and Jeff Channell

[20130403] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-March-9
  • Fixed Date: 2013-April-24
  • CVE Number: CVE-2013-3058

Description

Inadequate filtering allows possibility of XSS exploit in some circumstances.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

Reported By: James Kettle

[20130404] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-February-15
  • Fixed Date: 2013-April-24
  • CVE Number: None

Description

Use of old version of Flash-based file uploader leads to XSS vulnerability.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

Reported By: Reginaldo Silva

[20130402] - Core - Information Disclosure

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: Information Disclosure
  • Reported Date: 2013-March-29
  • Fixed Date: 2013-April-24
  • CVE Number: CVE-2013-3057

Description

Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

Reported By: Francois Gauthier

[20130401] - Core - Privilege Escalation

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: Privilege Escalation
  • Reported Date: 2013-March-29
  • Fixed Date: 2013-April-24
  • CVE Number: CVE-2013-3056

Description

Inadequate permission checking allows unauthorised user to delete private messages.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

Reported By: Francois Gauthier
  1. [20130406] - Core - DOS Vulnerability
  2. [20130407] - Core - XSS Vulnerability
  3. [20130202] - Core - Information Disclosure
Joomla! CMS Status

LTS Release

STS Release

Note: View known compatibility Issues
Joomla! Framework Status

Current Release:None

Upcoming Release: Beta 1.0

Resources

Mailing Lists

Joomla! Reading

Joomla! Programming

Mark Dexter & Louis Landry

Joomla! Templates

Angie Radtke

© 2005 - 2013 Open Source Matters, Inc. All rights reserved.