This feed provides announcements of resolved security issues in Joomla! software releases.

For more information about the Joomla! Security Strike Team (JSST) and its processes, please review our Security article.

To report potential security issues, please follow the guidelines in the above referenced article. Please note that we are only able to provide support for the Joomla! CMS, Joomla! Framework, and *.joomla.org network of websites.

You can subscribe to notifications from this feed through a RSS reader or email notifications via FeedBurner.

  • Project: Joomla!
  • SubProject: com_content
  • Severity: Moderate
  • Versions: 1.5.14 and all previous 1.5 releases
  • Exploit type: Front-End Editing
  • Reported Date: 2009-September-05
  • Fixed Date: 2009-November-03

Description

When logged into the front end with Author access, it was possible to replace an article written by another user.

Affected Installs

All 1.5.x installs prior to and including 1.5.14 are affected.

Solution

Upgrade to latest Joomla! version (1.5.15 or newer).

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hannes Papenberg
  • Project: Joomla!
  • SubProject: Framework
  • Severity: Moderate
  • Versions: 1.5.12 and all previous 1.5 releases
  • Exploit type: Path Disclosure
  • Reported Date: 2009-July-21
  • Fixed Date: 2009-July-22

Description

Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host.

Affected Installs

All 1.5.x installs prior to and including 1.5.12 are affected.

Solution

Upgrade to latest Joomla! version (1.5.13 or newer).

Contact

The JSST at the Joomla! Security Centre.

Reported By: Juan Galiana Lara (Internet Security Auditors)
  • Project: Joomla!
  • SubProject: com_mailto
  • Severity: Low
  • Versions: 1.5.13 and all previous 1.5 releases
  • Exploit type: Email
  • Reported Date: 2009-July-28
  • Fixed Date: 2009-July-30

Description

In com_mailto, it was possible to bypass timeout protection against sending automated emails.

Affected Installs

All 1.5.x installs prior to and including 1.5.13 are affected.

Solution

Upgrade to latest Joomla! version (1.5.14 or newer).

Contact

The JSST at the Joomla! Security Centre.

Reported By: WHK and Gergő Erdősi
  • Project: Joomla!
  • SubProject: TinyMCE editor
  • Severity: Critical
  • Versions: 1.5.12
  • Exploit type: Image File upload
  • Reported Date: 2009-July-22
  • Fixed Date: 2009-July-22

Description

Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded and removed without logging in.

Affected Installs

Version 1.5.12 only

Solution

Upgrade to latest Joomla! version (1.5.13 or newer).

Contact

The JSST at the Joomla! Security Centre.

Reported By: Patrice Lazareff
  • Project: Joomla!
  • SubProject: Site client
  • Severity: Moderate
  • Versions: 1.5.11 and all previous 1.5 releases
  • Exploit type: XSS
  • Reported Date: 2009-June-30
  • Fixed Date: 2009-June-30

Description

An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed.

Affected Installs

All 1.5.x installs prior to and including 1.5.11 are affected.

Solution

Upgrade to latest Joomla! version (1.5.12 or newer).

Contact

The JSST at the Joomla! Security Centre.

Reported By: Juan Galiana Lara (Internet Security Auditors)
  • Project: Joomla!
  • SubProject: Site client
  • Severity: Moderate
  • Versions: 1.5.11 and all previous 1.5 releases
  • Exploit type: XSS
  • Reported Date: 2009-June-03
  • Fixed Date: 2009-June-30

Description

An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser.

Affected Installs

All 1.5.x installs prior to and including 1.5.11 are affected.

Solution

Upgrade to latest Joomla! version (1.5.12 or newer).

Contact

The JSST at the Joomla! Security Centre.

Reported By: Paul Boekholt (Byte Internet)
  • Project: Joomla!
  • SubProject: Admin client
  • Severity: Moderate
  • Versions: 1.5.11 and all previous 1.5 releases
  • Exploit type: XSS
  • Reported Date: 2009-June-22
  • Fixed Date: 2009-June-30

Description

Some files were missing the check for JEXEC.  These scripts will then expose internal path information of the host.

Affected Installs

All 1.5.x installs prior to and including 1.5.11 are affected.

Solution

Upgrade to latest Joomla! version (1.5.12 or newer).

Contact

The JSST at the Joomla! Security Centre.

  • Project: Joomla!
  • SubProject: com_users
  • Severity: Moderate
  • Versions: 1.5.10 and all previous 1.5 releases
  • Exploit type: XSS
  • Reported Date: 2009-April-30
  • Fixed Date: 2009-June-02

Description

A XSS vulnerability exists in the user view of com_users in the administrator panel.

Affected Installs

All 1.5.x installs prior to and including 1.5.10 are affected.

Solution

Upgrade to latest Joomla! version (1.5.11 or newer).

Contact

The JSST at the Joomla! Security Centre.

Reported By: Airton Torres
  • Project: Joomla!
  • SubProject: ja_purity
  • Severity: Moderate
  • Versions: 1.5.10 and all previous 1.5 releases
  • Exploit type: XSS
  • Reported Date: 2009-April-06
  • Fixed Date: 2009-June-02

Description

A XSS vulnerability exists in the JA_Purity template which ships with Joomla! 1.5.

Affected Installs

All 1.5.x installs prior to and including 1.5.10 are affected.

Solution

Upgrade to latest Joomla! version (1.5.11 or newer).

Contact

The JSST at the Joomla! Security Centre.

Reported By: Juan Galiana Lara
  • Project: Joomla!
  • SubProject: Site client
  • Severity: Low
  • Versions: 1.5.10 and all previous 1.5 releases
  • Exploit type: XSS
  • Reported Date: 2009-May-05
  • Fixed Date: 2009-June-02

Description

Some values were output from the database without being properly escaped.  Most strings in question were sourced from the administrator panel.

Affected Installs

All 1.5.x installs prior to and including 1.5.10 are affected.

Solution

Upgrade to latest Joomla! version (1.5.11 or newer).

Contact

The JSST at the Joomla! Security Centre.