Security

  1. [20130407] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
    • Exploit type: XSS Vulnerability
    • Reported Date: 2013-April-17
    • Fixed Date: 2013-April-24
    • CVE Number: CVE-2013-3267

    Description

    Inadequate filtering leads to XSS vulnerability in highlighter plugin.

    Affected Installs

    Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

    Solution

    Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Vertical Pigeon
  2. [20130405] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
    • Exploit type: XSS Vulnerability
    • Reported Date: 2013-February-26
    • Fixed Date: 2013-April-24
    • CVE Number: CVE-2013-3059

    Description

    Inadequate filtering leads to XSS vulnerability in Voting plugin.

    Affected Installs

    Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

    Solution

    Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Yannick Gaultier and Jeff Channell
  3. [20130403] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: All
    • Severity: Moderate
    • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
    • Exploit type: XSS Vulnerability
    • Reported Date: 2013-March-9
    • Fixed Date: 2013-April-24
    • CVE Number: CVE-2013-3058

    Description

    Inadequate filtering allows possibility of XSS exploit in some circumstances.

    Affected Installs

    Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

    Solution

    Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: James Kettle
  4. [20130404] - Core - XSS Vulnerability
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
    • Exploit type: XSS Vulnerability
    • Reported Date: 2013-February-15
    • Fixed Date: 2013-April-24
    • CVE Number: None

    Description

    Use of old version of Flash-based file uploader leads to XSS vulnerability.

    Affected Installs

    Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

    Solution

    Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Reginaldo Silva
  5. [20130402] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
    • Exploit type: Information Disclosure
    • Reported Date: 2013-March-29
    • Fixed Date: 2013-April-24
    • CVE Number: CVE-2013-3057

    Description

    Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.

    Affected Installs

    Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

    Solution

    Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

    Contact

    The JSST at the Joomla! Security Center.

    Reported By: Francois Gauthier