Security Centre
///////////////////////////////////////////
[20150908] – Core – XSS Vulnerability
Posted: 08 Sep 2015 07:25 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/CARbJMNz3LY/626-20150908-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.4.0 through 3.4.3
Exploit type: XSS Vulnerability
Reported Date: 2015-August-18
Fixed Date: 2015-September-08
CVE Number: requested
Description
Inadequate escaping leads to XSS vulnerability in login module.
Affected Installs
Joomla! CMS versions 3.4.0 through 3.4.3
Solution
Upgrade to version 3.4.4
Contact
The JSST at the Joomla! Security Center.
Reported By: cfreer