A new version of the popular CMS Joomla! has been released. The new version fixes a Cross-site scripting vulnerability that allows potential attackers to inject JavaScript code into the CMS. The injected JavaScript code can then be executed in the context of an individual client's web browser. All users of this CMS are advised to upgrade.
Joomla! Developer Network - Security News
///////////////////////////////////////////
[20120307] - Core - Information Disclosure
Posted: 03 Apr 2012 12:21 AM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/qLQFOEsKrro/398-201...
Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.3 and all earlier 2.5.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-7
Fixed Date: 2012-April-2
Description
Inadequate permission checking allows unauthorised viewing of some
administrative back end information.
Affected Installs
Joomla! versions 2.5.3 and all earlier 2.5.x versions
Solution
Upgrade to version 2.5.4
Reported by Cyrille Barthelemy
Contact
The JSST at the Joomla! Security Center.
///////////////////////////////////////////
[20120308] - Core - XSS Vulnerability
Posted: 03 Apr 2012 12:21 AM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/QmpconaVV9A/399-201...
Project: Joomla!
SubProject: All
Severity: Low
Versions: 2.5.3 and all earlier 2.5.x versions
Exploit type: XSS Vulnerability
Reported Date: 2012-February-3
Fixed Date: 2012-April-2
Description
Inadequate filtering in update manager leads to XSS vulnerability.
Affected Installs
Joomla! versions 2.5.3 and all earlier 2.5.x versions
Solution
Upgrade to version 2.5.4
Reported by Alex Andreae
Contact
The JSST at the Joomla! Security Center.