Joomla! XSS turns users to admins

Powered by SC Magazine
 

Affects versions up to 1.70

Multiple cross site scripting (XSS) vulnerabilities have been discovered in content management system Joomla!.

The attacks require user login and allow users to impersonate administrator functions.

Three vulnerabilities affect core components of Joomla! version 1.70 and below and were found by the Burma-based YEHG hacking group.

The vulnerabilities were patched in Joomla! version 1.71.

One XSS vulnerability, which uses the searchword parameter, was previously reported to Joomla! but was not “completely” fixed, the hacking group said.

More information is available on the websites of YEGH and Joomla!

Copyright © SC Magazine, Australia


Joomla! XSS turns users to admins
 
 
 
Top Stories
Australia passes data retention into law
Mammoth last-ditch effort by Greens, indies knocked back.
 
ATO to kill off e-Tax
Veteran software to be replaced by more modern myTax.
 
CSC embroiled in CBA IT bribery scandal
ServiceMesh named in alleged dodgy dealing.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Do you support the Government's data retention scheme?

   |   View results
Yes
  8%
 
No
  92%
TOTAL VOTES: 1171

Vote