SECUNIA ADVISORY ID:
Some vulnerabilities have been reported in Joomla!, which can be
exploited by malicious people to conduct cross-site scripting and
cross-site request forgery attacks.
1) Unspecified input related to the category view of the
"com_content" component is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
2) Unspecified input related to the "com_admin" and "com_search"
components is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
3) The "com_media" component allows users to perform certain actions
via HTTP request without performing any validity checks to verify the
requests. This can be exploited to perform unspecified actions e.g.
when a logged in administrative user visits a malicious web site.
The vulnerabilities are reported in version 1.5.9. Prior versions may
also be affected.
Update to version 1.5.10.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.