• Project: Joomla!
• SubProject: All
• Severity: Moderate
• Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
• Exploit type: XSS Vulnerability
• Reported Date: 2013-March-9
• Fixed Date: 2013-April-24
• CVE Number: CVE-2013-3058

Description

Inadequate filtering allows possibility of XSS exploit in some circumstances.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

• Project: Joomla!
• SubProject: All
• Severity: Low
• Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
• Exploit type: Information Disclosure
• Reported Date: 2013-March-29
• Fixed Date: 2013-April-24
• CVE Number: CVE-2013-3057

Description

Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

• Project: Joomla!
• SubProject: All
• Severity: Low
• Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
• Exploit type: XSS Vulnerability
• Reported Date: 2013-February-15
• Fixed Date: 2013-April-24
• CVE Number: None

Description

Use of old version of Flash-based file uploader leads to XSS vulnerability.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

• Project: Joomla!
• SubProject: All
• Severity: Low
• Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
• Exploit type: Privilege Escalation
• Reported Date: 2013-March-29
• Fixed Date: 2013-April-24
• CVE Number: CVE-2013-3056

Description

Inadequate permission checking allows unauthorised user to delete private messages.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

• Project: Joomla!
• SubProject: All
• Severity: Moderate
• Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
• Exploit type: Denial of service vulnerability
• Reported Date: 2013-February-18
• Fixed Date: 2013-April-24
• CVE Number: CVE-2013-3242

Description

Object unserialize method leads to possible denial of service vulnerability.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

• Project: Joomla!
• SubProject: All
• Severity: Low
• Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
• Exploit type: XSS Vulnerability
• Reported Date: 2013-April-17
• Fixed Date: 2013-April-24
• CVE Number: CVE-2013-3267

Description

Inadequate filtering leads to XSS vulnerability in highlighter plugin.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

• Project: Joomla!
• SubProject: All
• Severity: Low
• Versions: 3.0.2 and earlier 3.0.x versions; version 2.5.8 and earlier 2.5.x versions.
• Exploit type: Information disclosure
• Reported Date: 2012-October-31
• Fixed Date: 2013-February-4
• CVE Number: CVE-2013-1453

Description

Method of encoding search terms led to possible information disclosure.

Affected Installs

Joomla! version 3.0.2 and earlier 3.0.x versions; version 2.5.8 and earlier 2.5.x versions.

Solution

Upgrade to version 3.0.3 or 2.5.9.

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: All
• Severity: Low
• Versions: 3.0.2 and earlier 3.0.x versions.
• Exploit type: Information disclosure
• Reported Date: 2013-January-16
• Fixed Date: 2013-February-4
• CVE Number: CVE-2013-1455

Description

Undefined variable caused information disclosure in some situations.

Affected Installs

Joomla! version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 3.0.3.

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: All
• Severity: Low
• Versions: 3.0.2 and earlier 3.0.x versions.
• Exploit type: Information disclosure
• Reported Date: 2013-January-13
• Fixed Date: 2013-February-4
• CVE Number: CVE-2013-1454

Description

Coding errors led to information disclosure in some situations.

Affected Installs

Joomla! version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 3.0.3.

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: All
• Severity: Moderate
• Versions: 3.0.1 and 3.0.0.
• Exploit type: Clickjacking vulnerability
• Reported Date: 2012-October-15
• Fixed Date: 2012-November-08
• CVE Number: CVE-2012-5827

Description

Inadequate protection leads to clickjacking vulnerability.

Affected Installs

Joomla! version 3.0.1 and 3.0.0.

Solution

Upgrade to version 3.0.2

Contact

The JSST at the Joomla! Security Centre.