[FIXED in 1.0.10] XSS Vulnerabilities in Joomla 1.0.9 Stable

negarkhane
Joomla! Enthusiast
Posts: 146
Joined: Sat Aug 20, 2005 4:38 pm
Location: Iran

[FIXED in 1.0.10] XSS Vulnerabilities in Joomla 1.0.9 Stable

Post by negarkhane » Tue Jun 20, 2006 7:18 am

My friend found 2 XSS vulnerabilities in Joomla 1.0.9 Stable:
Frontend:
1. [URL removed]">alert(document.cookie)
Backend:
2. In Admin Private Message: Subject: alert(document.cookie)



[MOD note: edited for security reasons]
Last edited by stingrey on Wed Jun 28, 2006 3:48 pm, edited 1 time in total.

 
stingrey
Joomla! Hero
Posts: 2756
Joined: Mon Aug 15, 2005 4:36 pm
Location: Marikina, Metro Manila, Philippines

Re: [CONFIRMED] XSS Vulnerabilities in Joomla 1.0.9 Stable

Post by stingrey » Wed Jun 21, 2006 6:59 pm

Fixed in 1.0.10 SVN



Both these security vulnerabilities are designated as:
[LOW LEVEL] A4 Cross Site Scripting
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me :)
Partner, Business Development & Project Manager, Event Manager, Sports Coach :D

Re: [FIXED SVN] XSS Vulnerabilities in Joomla 1.0.9 Stable

Post by negarkhane » Thu Jun 22, 2006 6:09 am

thanks

Re: [FIXED SVN] XSS Vulnerabilities in Joomla 1.0.9 Stable

Post by stingrey » Mon Jun 26, 2006 5:12 am

Upgrade to Joomla! 1.0.10 Security Release!
http://www.joomla.org/content/view/1510/74/