FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Joomla! -- XSS and DDoS vulnerabilities

Affected packages
2.0.* <= joomla < 2.5.10

Details

VuXML ID 57df803e-af34-11e2-8d62-6cf0490a8c18
Discovery 2013-04-24
Entry 2013-04-27

The JSST and the Joomla! Security Center report:

[20130405] - Core - XSS Vulnerability

Inadequate filtering leads to XSS vulnerability in Voting plugin.

[20130403] - Core - XSS Vulnerability

Inadequate filtering allows possibility of XSS exploit in some circumstances.

[20130402] - Core - Information Disclosure

Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.

[20130404] - Core - XSS Vulnerability

Use of old version of Flash-based file uploader leads to XSS vulnerability.

[20130401] - Core - Privilege Escalation

Inadequate permission checking allows unauthorised user to delete private messages.

[20130406] - Core - DOS Vulnerability

Object unserialize method leads to possible denial of service vulnerability.

[20130407] - Core - XSS Vulnerability

Inadequate filtering leads to XSS vulnerability in highlighter plugin.

References

CVE Name CVE-2013-3056
CVE Name CVE-2013-3057
CVE Name CVE-2013-3058
CVE Name CVE-2013-3059
CVE Name CVE-2013-3242
CVE Name CVE-2013-3267
URL http://developer.joomla.org/security/83-20130404-core-xss-vulnerability.html