Latest News

Tarocash owner Retail Apparel Group to give HR systems an AI boost

Meta accuses Australia of breaching free trade agreement

Researchers build self-replicating AI worm with BYO LLM

Treasury Wine Estates to go big on digital, data and AI

iTnews State of Data & AI Breakfast comes to Sydney this July

Joomla! XSS turns users to admins

By SC Australia Staff

Sep 30 2011 8:58AM

Affects versions up to 1.70

Multiple cross site scripting (XSS) vulnerabilities have been discovered in content management system Joomla!.

Joomla! XSS turns users to admins

The attacks require user login and allow users to impersonate administrator functions.

Three vulnerabilities affect core components of Joomla! version 1.70 and below and were found by the Burma-based YEHG hacking group.

The vulnerabilities were patched in Joomla! version 1.71.

One XSS vulnerability, which uses the searchword parameter, was previously reported to Joomla! but was not “completely” fixed, the hacking group said.

More information is available on the websites of YEGH and Joomla!

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

cms joomla security vulnerabilities xss

Partner Content

Thomas Peer Solutions unveils data cloud platform and executive leadership forum for 2026

Partner Content Thomas Peer Solutions unveils data cloud platform and executive leadership forum for 2026

Why Backing Up Your Microsoft 365 Data Is Only Half the Job

Partner Content Why Backing Up Your Microsoft 365 Data Is Only Half the Job

Always-on defence becomes critical as AI accelerates cyber threats: Infotrust

Partner Content Always-on defence becomes critical as AI accelerates cyber threats: Infotrust

From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale

Promoted Content From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale

Sponsored Whitepapers

Agile in the AI Era: why projects still fail

Agile in the AI Era: why projects still fail

When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud

When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud

High-volume data sources for AI-driven security analytics

High-volume data sources for AI-driven security analytics

How healthcare organisations can get more value from cloud

How healthcare organisations can get more value from cloud

1 in 3 companies lose SaaS data. Here’s how to prevent it

1 in 3 companies lose SaaS data. Here’s how to prevent it

Events

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia

Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Microsoft backs down on legal threats against 0day disclosing researchers

Microsoft backs down on legal threats against 0day disclosing researchers

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories