[20120901] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.6 and all earlier 2.5.x versions
  • Exploit type: XSS Vulnerability
  • Reported Date: 2012-April-30
  • Fixed Date: 2012-September-13


Inadequate escaping of output leads to XSS vulnerability.

Affected Installs

Joomla! versions 2.5.6 and all earlier 2.5.x versions


Upgrade to version 2.5.7

Reported by Janek Vind and Antoine Cervoise


The JSST at the Joomla! Security Center.

Source: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/uFrQh76JFbE/539-20120901-core-xss-vulnerability.html