Joomla! Unspecified Cross-Site Scripting Vulnerability And Multiple Unspecified Vulnerabilities
Info
| Bugtraq ID: | 21810 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 29 2006 12:00AM |
| Updated: | Jan 04 2007 06:27PM |
| Credit: | Fukumori is credited with reporting the cross-site scripting vulnerability. The vendor disclosed the other issues. |
| Vulnerable: | SocialMPN SocialMPN 1.0.5; Joomla Joomla 1.0.11; Joomla Joomla 1.0.10; Joomla Joomla 1.0.9; Joomla Joomla 1.0.8; Joomla Joomla 1.0.7; Joomla Joomla 1.0.4; Joomla Joomla 1.0.3; Joomla Joomla 1.0.2; Joomla Joomla 1.0.1; Joomla Joomla 1.0 |
| Not Vulnerable: | Joomla Joomla 1.0.12 |
Discussion
Joomla! is prone to an unspecified cross-site scripting vulnerability and multiple unspecified vulnerabilities.
An attacker could likely exploit these vulnerabilities to access or modify sensitive information or to execute script code in the browser of an unsuspecting user; other attacks may also be possible.
An attacker can leverage a cross-site scripting vulnerability to have arbitrary script code execute in the context of the affected site. A successful exploit will allow the attacker to steal cookie-based authentication credentials that can aid in further attacks; other attacks are also possible.
Versions prior to 1.0.12 are affected.
Exploit / POC
To exploit a cross-site scripting vulnerability, an attacker must entice a victim user to follow a malicious URI.
Attackers could likely exploit the other vulnerabilities via a web client.
Solution / Fix
Solution:
The vendor released version 1.0.12 to address these issues. Please see the references for more information.
Affected versions: Joomla Joomla 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11; SocialMPN SocialMPN 1.0.5.
Upgrade:
- Joomla Joomla 1.0.12
http://forge.joomla.org/sf/frs/do/downloadRelease/projects.joomla/frs.joomla_1_0.1_0_12;jsessionid=2C59894BF59497F311143D4B7EAA71C1?dl=1
References
References:
- Joomla! ?????????????????????? (JP Vendor Status Notes)
- Joomla! 1.0.12 Changelog (Joomla!)