Developer Network™ There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla! platform.
Where to Start
- Project: Joomla!
- SubProject: All
- Severity: Critical
- Versions: 2.5.13 and earlier 2.5.x versions. 3.1.4 and earlier 3.x versions.
- Exploit type: Unauthorised Uploads
- Reported Date: 2013-June-25
- Fixed Date: 2013-July-31
- CVE Number: Pending
Description
Inadequate filtering leads to the ability to bypass file type upload restrictions.
Affected Installs
Joomla! version 2.5.13 and earlier 2.5.x versions; and version 3.1.4 and earlier 3.x versions.
Solution
Upgrade to version 2.5.14 or 3.1.5.
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-February-26
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3059
Description
Inadequate filtering leads to XSS vulnerability in Voting plugin.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-March-9
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3058
Description
Inadequate filtering allows possibility of XSS exploit in some circumstances.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.