Joomla Security Notice :: April 3, 2012

Started by Jason, April 03, 2012, 07:41:55 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Jason

April 03, 2012, 07:41:55 PM
Today's notice:

http://developer.joomla.org/security/news.html

Quote
Joomla! Security News

________________________________________
[20120307] - Core - Information Disclosure
Posted: 03 Apr 2012 12:21 AM PDT
?   Project: Joomla!
?   SubProject: All
?   Severity: Low
?   Versions: 2.5.3 and all earlier 2.5.x versions
?   Exploit type: Information Disclosure
?   Reported Date: 2012-January-7
?   Fixed Date: 2012-April-2
Description
Inadequate permission checking allows unauthorised viewing of some administrative back end information.
Affected Installs
Joomla! versions 2.5.3 and all earlier 2.5.x versions
Solution
Upgrade to version 2.5.4
Reported by Cyrille Barthelemy

Contact
The JSST at the Joomla! Security Center.



[20120308] - Core - XSS Vulnerability
Posted: 03 Apr 2012 12:21 AM PDT
?   Project: Joomla!
?   SubProject: All
?   Severity: Low
?   Versions: 2.5.3 and all earlier 2.5.x versions
?   Exploit type: XSS Vulnerability
?   Reported Date: 2012-February-3
?   Fixed Date: 2012-April-2
Description
Inadequate filtering in update manager leads to XSS vulnerability.
Affected Installs
Joomla! versions 2.5.3 and all earlier 2.5.x versions
Solution
Upgrade to version 2.5.4

Print
Go Up Pages1
User actions