Jnews, 8.0.1 an earlier, XSS (Cross Site Scripting)
JoomlaConnect™ - Security English
Recent Posts
Jnews, 8.0.1
- Posted on: Saturday, 18 May 2013
- Feed: Resolved VEL
- Other posts filed in: Security
bo:VideoJS, 2.1.1,
- Posted on: Sunday, 05 May 2013
- Feed: Resolved VEL
- Other posts filed in: Security
bo:VideoJS, 2.1.1, xss
From developerhttp://www.boeschung.de/en/joomla/bo-videojs/video-js-v320
alfcontact
- Posted on: Saturday, 27 April 2013
- Feed: Resolved VEL
- Other posts filed in: Security
xss 230413
[20130407] - Core - XSS Vulnerability
- Posted on: Wednesday, 24 April 2013
- Feed: JSST News Feed
- Other posts filed in: Security
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-April-17
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3267
Description
Inadequate filtering leads to XSS vulnerability in highlighter plugin.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and...
[20130401] - Core - Privilege Escalation
- Posted on: Wednesday, 24 April 2013
- Feed: JSST News Feed
- Other posts filed in: Security
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Privilege Escalation
- Reported Date: 2013-March-29
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3056
Description
Inadequate permission checking allows unauthorised user to delete private messages.
Affected Installs
Joomla! version 2.5.9 and earlier...
[20130403] - Core - XSS Vulnerability
- Posted on: Wednesday, 24 April 2013
- Feed: JSST News Feed
- Other posts filed in: Security
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-March-9
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3058
Description
Inadequate filtering allows possibility of XSS exploit in some circumstances.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x...
[20130405] - Core - XSS Vulnerability
- Posted on: Wednesday, 24 April 2013
- Feed: JSST News Feed
- Other posts filed in: Security
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-February-26
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3059
Description
Inadequate filtering leads to XSS vulnerability in Voting plugin.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and...
[20130402] - Core - Information Disclosure
- Posted on: Wednesday, 24 April 2013
- Feed: JSST News Feed
- Other posts filed in: Security
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Information Disclosure
- Reported Date: 2013-March-29
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3057
Description
Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.
Affected Installs
Joomla!...
[20130406] - Core - DOS Vulnerability
- Posted on: Wednesday, 24 April 2013
- Feed: JSST News Feed
- Other posts filed in: Security
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Denial of service vulnerability
- Reported Date: 2013-February-18
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3242
Description
Object unserialize method leads to possible denial of service vulnerability.
Affected Installs
Joomla! version 2.5.9 and...
[20130404] - Core - XSS Vulnerability
- Posted on: Wednesday, 24 April 2013
- Feed: JSST News Feed
- Other posts filed in: Security
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-February-15
- Fixed Date: 2013-April-24
- CVE Number: None
Description
Use of old version of Flash-based file uploader leads to XSS vulnerability.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and...
Languages
- Catalan
- Czech
- Danish
- Dutch
- Estonian
- Finnish
- French
- German
- Italian
- English
- Lithuanian
- Montenegrin
- Norwegian
- Arabic
- Polish
- Portuguese
- Russian
- Slovak
- Spanish
- Special Events
- Swiss
- Thai
- Ukrainian
- Vietnamese
Categories
- Consultants
- Extension Developers
- General
- Joomla! User Groups
- Joomla.org
- JoomlaDays
- Security
- Template Designers
- Training
Recently Updated Feeds
Resolved VEL 
JSST News Feed
Live VEL Direct
To get your feed included in JoomlaConnect, see our page on getting connected.
