Developer Network™ There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla! platform.
Where to Start
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-April-17
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3267
Description
Inadequate filtering leads to XSS vulnerability in highlighter plugin.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 3.0.2 and earlier 3.0.x versions; version 2.5.8 and earlier 2.5.x versions.
- Exploit type: Information disclosure
- Reported Date: 2012-October-31
- Fixed Date: 2013-February-4
- CVE Number: CVE-2013-1453
Description
Method of encoding search terms led to possible information disclosure.
Affected Installs
Joomla! version 3.0.2 and earlier 3.0.x versions; version 2.5.8 and earlier 2.5.x versions.
Solution
Upgrade to version 3.0.3 or 2.5.9.
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 3.0.2 and earlier 3.0.x versions.
- Exploit type: Information disclosure
- Reported Date: 2013-January-16
- Fixed Date: 2013-February-4
- CVE Number: CVE-2013-1455
Description
Undefined variable caused information disclosure in some situations.
Affected Installs
Joomla! version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 3.0.3.
Contact
The JSST at the Joomla! Security Centre.