Joomla! Developer - [20090604] - Core - Frontend XSS - HTTP

Home
Community
Documentation
Forum
Extensions
Shop
Developers

Main Menu

Security Center Menu

Book Stores
Amazon.com-US
Amazon.ca-Canada
Amazon.uk-UK
Amazon.de-Deutschland
Amazon.fr-France

Login Form

Subscribe to Joomla! Security Announcements - Click Here

Wed

Jul

2009

[20090604] - Core - Frontend XSS - HTTP_REFERER not properly filtered

Wednesday, 01 July 2009 04:45

Project: Joomla!
SubProject: Site client
Severity: Moderate
Versions: 1.5.11 and all previous 1.5 releases
Exploit type: XSS
Reported Date: 2009-June-30
Fixed Date: 2009-June-30

Description

An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed.

Affected Installs

All 1.5.x installs prior to and including 1.5.11 are affected.

Solution

Upgrade to latest Joomla! version (1.5.12 or newer).

Reported by Juan Galiana Lara (Internet Security Auditors)

Contact

The JSST at the Joomla! Security Center.

Last Updated on Wednesday, 01 July 2009 04:45