Application: CMS Source
Affected Version: version 3.0 and other versions.
Vendor’s URL: CMS Source
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitised and verified.
Content Management, Cross Site Scripting, SQL Injection
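The advice "ensure that input is properly sanitised and verified" recurs throughout this list for the Cross Site Scripting and SQL Injection entries. The following is an added example, not code from CMS Source or from any other product on this page: a deliberately vulnerable PHP request handler beside its hardened form, showing the three concrete changes that advice amounts to in a PHP CMS (validate the parameter, parameterise the query, encode on output). The table names, column names, function names and sample rows are this example's own assumptions.

```php
<?php
// Added example, not vendor code. Assumed schema: table `articles` (id INTEGER, title TEXT)
// and table `users` (name TEXT, password_hash TEXT), created below on in-memory SQLite.
declare(strict_types=1);

// --- Vulnerable: string-built SQL and raw echo of request parameters ---
function vulnerable(PDO $db, array $get): string
{
    // SQL injection: the raw id is concatenated into the statement text.
    $row = $db->query("SELECT title FROM articles WHERE id = " . $get['id'])->fetch();
    // Reflected XSS: the search term and the row value are emitted without encoding.
    return "<h1>Results for " . $get['q'] . "</h1>"
         . "<p>" . ($row['title'] ?? 'none') . "</p>";
}

// --- Hardened ---
function hardened(PDO $db, array $get): string
{
    // 1. Verify: the id must be a positive integer; anything else is refused before any SQL runs.
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return '<p>Invalid article id.</p>';
    }
    // 2. Parameterise: the value is bound separately from the statement text, so it can
    //    never change the query's structure.
    $stmt = $db->prepare('SELECT title FROM articles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // 3. Encode on output, for the context the value lands in (HTML body text here).
    //    Stored values are encoded too: data in the database is not trusted either.
    $q     = htmlspecialchars((string)($get['q'] ?? ''), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $title = htmlspecialchars((string)($row['title'] ?? 'none'), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h1>Results for {$q}</h1><p>{$title}</p>";
}

// Constructed demo data on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec('CREATE TABLE users (name TEXT, password_hash TEXT)');
$db->exec("INSERT INTO articles (id, title) VALUES (1, 'Hello'), (2, 'Second article')");
$db->exec("INSERT INTO users (name, password_hash) VALUES ('admin', '\$2y\$10\$examplehash')");

// A single request that carries both payloads: a UNION that reads the users table through
// the title column, and a script tag in the search term.
$attack = [
    'id' => '0 UNION SELECT password_hash FROM users --',
    'q'  => '<script>alert(1)</script>',
];

// Vulnerable: prints the admin's password hash as the "title" and reflects the script tag verbatim.
echo vulnerable($db, $attack), "\n";
// Hardened: the id fails validation, so no query runs and nothing leaks.
echo hardened($db, $attack), "\n";
// Hardened, benign request: the legitimate row is returned and markup in q is rendered as text.
echo hardened($db, ['id' => '2', 'q' => '<b>x</b>']), "\n";
```

`htmlspecialchars` is only correct for HTML body and attribute contexts; a value placed inside a JavaScript string, a URL, or a CSS rule needs the encoder for that context. Likewise, `filter_var` validation is the right tool for values with a known shape (an integer id); free-text fields such as the search term are not "sanitised" at input but encoded at every output point.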
Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: cgTestimonial Component
Bug Type: Cross Site Scripting and File Upload
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised. Restrict access to the components/com_cgtestimonial/user_images directory (e.g. via .htaccess).
Content Management, Cross Site Scripting, File Inclusion
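The two File Upload entries on this page (cgTestimonial above, DJ-Classifieds below) share the same remedy: validate the upload on the server and restrict what the web server will do with the upload directory. The following is an added example, not code from either component: a PHP handler for an image directory such as components/com_cgtestimonial/user_images that accepts only files whose bytes are an image, stores them under a server-generated name with a single extension, and drops an Apache .htaccess into the directory that refuses to serve or execute anything that is not an image. The function names, the .htaccess rules and the sample files are this example's own; it assumes Apache 2.4 with AllowOverride Limit and FileInfo permitted for that directory.

```php
<?php
// Added example, not vendor code. Assumes Apache 2.4 and AllowOverride Limit,FileInfo.
declare(strict_types=1);

// MIME types accepted, as reported by libmagic from the file contents (never from
// $_FILES['type'] or the client's file name), mapped to the one extension we assign.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Rules for the upload directory: deny everything, then allow only image extensions,
// and force static-file handling so a stray .php is never passed to an interpreter.
function uploadDirHtaccess(): string
{
    return <<<'HTACCESS'
# Deny everything by default, then allow only image files (assumed Apache 2.4 syntax).
Require all denied
<FilesMatch "\.(?i:jpe?g|png|gif)$">
    Require all granted
</FilesMatch>
# Serve everything here as a static file, whatever handlers are mapped elsewhere.
SetHandler default-handler
HTACCESS;
}

function ensureHtaccess(string $dir): void
{
    $path = $dir . DIRECTORY_SEPARATOR . '.htaccess';
    if (!is_file($path) || file_get_contents($path) !== uploadDirHtaccess()) {
        file_put_contents($path, uploadDirHtaccess(), LOCK_EX);
    }
}

/**
 * Store an uploaded file in $dir if, and only if, its bytes are an image.
 * Returns the stored file name, or null when the upload is rejected.
 * $fromHttpUpload=true uses move_uploaded_file(), which refuses any path that did not
 * arrive through PHP's upload mechanism; false (rename) exists only for the local demo.
 */
function storeImage(string $tmpPath, string $dir, bool $fromHttpUpload = true): ?string
{
    // 1. Type from content sniffing, not from the client-supplied name or MIME header.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }
    // 2. Second opinion: if the image decoder cannot parse it, reject it.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }
    // 3. Server-generated name with exactly one extension: no user-controlled name,
    //    no double extensions like shell.php.jpg, no path separators.
    $name   = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    $target = $dir . DIRECTORY_SEPARATOR . $name;

    ensureHtaccess($dir);
    $moved = $fromHttpUpload ? move_uploaded_file($tmpPath, $target) : rename($tmpPath, $target);
    if (!$moved) {
        return null;
    }
    chmod($target, 0644); // readable by the web server, never executable
    return $name;
}

// --- Demo with constructed files in a temporary directory ---
$dir = sys_get_temp_dir() . '/user_images_' . bin2hex(random_bytes(4));
mkdir($dir, 0755);

// A minimal valid 1x1 GIF, and a PHP web shell that a client would have named avatar.jpg.
$gifPath = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gifPath, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$phpPath = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($phpPath, "<?php system(\$_GET['c']); ?>");

var_dump(storeImage($gifPath, $dir, false)); // accepted: stored as <random>.gif
var_dump(storeImage($phpPath, $dir, false)); // rejected: the bytes are not an image
echo file_get_contents($dir . '/.htaccess');
```

The .htaccess alone is not sufficient: it only holds while the directory is served by Apache with overrides enabled, and it does nothing on nginx or if the files are later copied elsewhere. The content check and server-generated name are what stop a PHP file from landing on disk in the first place; the .htaccess is the second layer for the case where the validation is bypassed.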
Application: Joomla
Affected Version: versions prior to 2.1.2.
Vendor’s URL: Frei-Chat Component
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 2.1.2.
Content Management, Cross Site Scripting
Application: WordPress
Affected Version: version 2.62 and other versions.
Vendor’s URL: WP-UserOnline Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 2.70 or later.
Content Management, Cross Site Scripting
Application: Joomla
Affected Version: version 1.2 and other versions.
Vendor’s URL: JFaq Component
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, Cross Site Scripting
Application: Moodle
Affected Version:
Vendor’s URL: Moodle
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 1.8.13 or 1.9.9 or apply patches (see vendor’s advisories for details).
Content Management, Cross Site Scripting
Application: Joomla
Affected Version: version 1.0 and other versions.
Vendor’s URL: My Car Component
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: versions prior to 6.x-1.2.
Vendor’s URL: AddonChat Module
Bug Type: Security Bypass and Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 6.x-1.2.
Access Bypass, Content Management, Cross Site Scripting
Application: Drupal
Affected Version: versions prior to 6.x-1.4.
Vendor’s URL: Chaos Tool Suite Module
Bug Type: Cross Site Scripting and Access Bypass
Risk Level: Critical
Solution:
Update to version 6.x-1.4.
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: versions prior to 6.x-4.9.
Vendor’s URL: Heartbeat Module
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to Heartbeat 6.x-4.9.
Content Management, Cross Site Scripting
Application: Invision Power Board
Affected Version: versions 2.3.6 and 3.0.5.
Vendor’s URL: Invision Power Board
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Apply the patch.
Original Advisory:
http://community.invisionpower.com/topic/306221-ipboard-236-and-305-security-update/
Cross Site Scripting, Discussion Boards
Application: Drupal
Affected Version: versions prior to 6.x-1.1.
Vendor’s URL: CiviRegister Module
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 6.x-1.1.
Content Management, Cross Site Scripting
Application: Joomla!
Affected Version: version 0.9.1.
Vendor’s URL: DJ-Classifieds Component
Bug Type: Cross Site Scripting and File Upload
Risk Level: Critical
Solution:
Grant only trusted users access to the affected component.
Content Management, Cross Site Scripting, File Inclusion
Application: CMS SiteLogic
Affected Version:
Vendor’s URL: CMS SiteLogic
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, Cross Site Scripting, SQL Injection
Application: Xoops
Affected Version: version 2.4.2 and prior versions.
Vendor’s URL: Xoops
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Medium
Solution:
Update to version 2.4.3.
Content Management, Cross Site Scripting, SQL Injection
Application: WordPress
Affected Version: version 3.2.4 and other versions.
Vendor’s URL: Google Analytics Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 3.2.5.
Content Management, Cross Site Scripting
Application: WordPress
Affected Version: version 2.8.5.
Vendor’s URL: WordPress
Bug Type: File Upload and Script Insertion
Risk Level: Medium
Solution:
Update to version 2.8.6.
Access Bypass, Content Management, Cross Site Scripting
Application: Drupal
Affected Version: prior to version 5.x-1.1 and 6.x-1.1.
Vendor’s URL: Browscap Module
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Browscap 5.x:
Update to Browscap 5.x-1.1
http://drupal.org/node/592262
Browscap 6.x:
Update to Browscap 6.x-1.1
http://drupal.org/node/592264
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: versions prior to 6.14.
Vendor’s URL: Drupal
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 6.14 or apply the patch.
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: versions prior to 5.x-1.2 and 6.x-1.4.
Vendor’s URL: BUEditor Module
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 5.x-1.2 or 6.x-1.4.
Content Management, Cross Site Scripting