[20090301] - Core - Multiple XSS/CSRF

admin · #1 (**permalink**) 06-08-2009, 12:01 AM

Project: Joomla!
SubProject: Multiple
Severity: Moderate
Versions: 1.5.9 and all previous 1.5 releases
Exploit type: XSS and CSRV
Reported Date: 2009-February-15
Fixed Date: 2009-March-27

Description

A series of XSS and CSRF faults exist in the administrator application.* Affected administrator components include com_admin, com_media, com_search.* Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.**

Affected Installs

All 1.5.x installs prior to and including 1.5.9 are affected.* The com_search XSS vulnerability requires that "Gather Search Statistics" be enabled to be exploitable (Disabled by default).

Solution

Upgrade to latest Joomla! version (1.5.10 or newer).

Contact

The JSST at the Joomla! Security Center.

More...

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode