FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

joomla -- multiple remote vulnerabilities

Affected packages
joomla < 1.0.12

Details

VuXML ID 7bb127c1-a5aa-11db-9ddc-0011098b2f36
Discovery 2006-12-29
Entry 2007-01-17

Secunia reports:

Some vulnerabilities have been reported in Joomla!, where some have unknown impacts and one can be exploited by malicious people to conduct cross-site scripting attacks.

  1. Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
  2. The vulnerabilities are caused due to unspecified errors in Joomla!. The vendor describes them as "several low level security issues". No further information is currently available.

References

Bugtraq ID 21810
CVE Name CVE-2006-6832
CVE Name CVE-2006-6833
CVE Name CVE-2006-6834
URL http://secunia.com/advisories/23563/