Text only | Text with Images

Charlottezweb

General Conversation => Script Chat => Topic started by: Jason on April 03, 2012, 07:41:55 PM

Title: Joomla Security Notice :: April 3, 2012
Post by: Jason on April 03, 2012, 07:41:55 PM
Today's notice:

http://developer.joomla.org/security/news.html

Quote
Joomla! Security News

________________________________________
[20120307] - Core - Information Disclosure
Posted: 03 Apr 2012 12:21 AM PDT
?   Project: Joomla!
?   SubProject: All
?   Severity: Low
?   Versions: 2.5.3 and all earlier 2.5.x versions
?   Exploit type: Information Disclosure
?   Reported Date: 2012-January-7
?   Fixed Date: 2012-April-2
Description
Inadequate permission checking allows unauthorised viewing of some administrative back end information.
Affected Installs
Joomla! versions 2.5.3 and all earlier 2.5.x versions
Solution
Upgrade to version 2.5.4
Reported by Cyrille Barthelemy

Contact
The JSST at the Joomla! Security Center.



[20120308] - Core - XSS Vulnerability
Posted: 03 Apr 2012 12:21 AM PDT
?   Project: Joomla!
?   SubProject: All
?   Severity: Low
?   Versions: 2.5.3 and all earlier 2.5.x versions
?   Exploit type: XSS Vulnerability
?   Reported Date: 2012-February-3
?   Fixed Date: 2012-April-2
Description
Inadequate filtering in update manager leads to XSS vulnerability.
Affected Installs
Joomla! versions 2.5.3 and all earlier 2.5.x versions
Solution
Upgrade to version 2.5.4

Text only | Text with Images