Developer Network™

Download
Launch

Security Announcements

[20110901] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: All
  • Severity: Medium
  • Versions: 1.7.0 and all 1.6.x versions
  • Exploit type: XSS
  • Reported Date: 2011-August-02
  • Fixed Date: 2011-September-22

Description

Inadequate escaping leads to XSS vulnerability in com_search.

Affected Installs

Joomla! version 1.7.0 and all 1.6.x versions

Solution

Upgrade to the latest Joomla! version (1.7.1 or later)

Contact

The JSST at the Joomla! Security Centre.

Reported By: Aung Khant