Users of Joomla, please be advised that an input sanitization error vulnerability has been identified.
To view this vulnerability, its possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
oCERT-2010-002: Joomla input sanitization errors (XSS)
Description:
Joomla, an open source content management system, suffers from a cross-site
scripting (XSS) vulnerability.
Insufficient input sanitization on the parameters passed to pages related to
administration settings leads to arbitrary JavaScript injection in the context
of the user session; this could potentially be exploited to hijack the session
of the Joomla administrator.
Affected version:
Joomla <= 1.5.19
Fixed version:
Joomla >= 1.5.20
Credit: vulnerability report and PoC received from Mesut Timur <mesut [at]
mavitunasecurity [dot] com>.
CVE: N/A
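
A version check for triaging installs against the affected and fixed versions quoted above. This is an added example, not part of the advisory or of Joomla; the host names and version strings in the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# Last affected release, taken from the advisory text above
# ("Affected version: Joomla <= 1.5.19", fixed in 1.5.20 and later).
LAST_AFFECTED = (1, 5, 19)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from strings like '1.5.19' or
    'Joomla! 1.5.19 Stable'; None if no x.y.z version is present."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def triage(version_text):
    """Classify one reported version against the advisory's range."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # cannot decide: verify the install by hand
    # Tuples compare numerically, so 1.5.9 sorts below 1.5.19; comparing
    # the raw strings would wrongly rank '1.5.9' above '1.5.19'.
    return "affected" if version <= LAST_AFFECTED else "fixed"


def triage_inventory(inventory):
    """Map each site name to its status; 'unknown' entries need follow-up."""
    return {site: triage(reported) for site, reported in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "intranet.example": "Joomla! 1.5.9 Stable",
    "shop.example": "1.5.19",
    "blog.example": "1.5.20",
    "legacy.example": "version banner removed",
}

if __name__ == "__main__":
    for site, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{site:20} {status}")
```

Installs reported as "unknown" should be checked manually rather than assumed to be patched.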
