Joomla! Multiple Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA55573

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/55573/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=55573

RELEASE DATE:
2013-11-07

DESCRIPTION:
Multiple vulnerabilities have been reported in Joomla!, which can be
exploited by malicious people to conduct cross-site scripting
attacks.

1) Certain unspecified input related to the com_contact component is
not properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

2) Certain unspecified input related to the com_contact,
com_weblinks, and com_newsfeeds components is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

3) Certain unspecified input related to the com_contact component is
not properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 2.5.15, 3.1.6,
and 3.2.

SOLUTION:
Update to version 2.5.15, 3.1.6, or 3.2.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Osanda Malith.

ORIGINAL ADVISORY:
Joomla!:
http://www.joomla.org/announcements/release-news/5516-joomla-3-2-0-stable-released.html
http://www.joomla.org/announcements/release-news/5517-joomla-2-5-15-released.html
http://developer.joomla.org/security/news/570-20131101-core-xss-vulnerability
http://developer.joomla.org/security/news/571-20131102-core-xss-vulnerability
http://developer.joomla.org/security/news/572-20131103-core-xss-vulnerability

RECENT ARTICLE

RECENT POST