Categories

Applications (255)
Blogs (7)
Content Management (167)
Customer Relationship (4)
Discussion Boards (37)
E-Commerce (15)
General Purpose Directories (2)
Image Galleries (21)
Mailing Lists (1)
Tips (3)
Vulnerabilities (366)
Access Bypass (55)
Cross Site Scripting (138)
Denial Of Service (2)
File Inclusion (54)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (17)
Session Hijacking (2)
SQL Injection (140)
« Snitz Forums 2000 XSS Vulnerability
Xcms PHP Code Execution and LFI »

Joomla! XSRF and Script Insertion

Published by TL Guan January 22nd, 2008 in Content Management and Cross Site Scripting.

Application: Joomla!
Affected Version: prior version of 1.5 RC4
Vendor’s URL: http://www.joomla.org/
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Restrict access to trusted users only and edit the source code to ensure that input is properly sanitized. Do not browse other websites while being logged in into Joomla!.

Some of the vulnerabilities are fixed in Joomla! 1.5 RC4.

0 Responses to “Joomla! XSRF and Script Insertion”

Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply

You must login to post a comment.

« Snitz Forums 2000 XSS Vulnerability
Xcms PHP Code Execution and LFI »

Subscribe

Latest

Archives



Valid XHTML 1.0 Transitional