[20101101] - Core - XSS Vulnerabilities

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 1.5.21 and all previous 1.5 releases
  • Exploit type: SQL Injection - Information Disclosure
  • Reported Date: 2010-October-05
  • Fixed Date: 2010-November-04

Description

Inadequate filtering of request variables causes database errors.

Affected Installs

All 1.5.x installs prior to and including 1.5.21 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.22 or later)

Reported by YGN Ethical Hacker Group

Contact

The JSST at the Joomla! Security Center.

Source: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/4MtMh_0iC4A/323-20101101-core-sqli-info-disclosurevulnerabilities.html