Latest News

Woolworths' CSO is Optus-bound

Build once. Build right. The enduring power of Azure Landing Zones.

Lion builds an app to detect its beers on tap in venues

Tech giants' indirect emissions rose 150 percent in three years

icare signs $29m cloud renewal with AWS

Joomla! XSS turns users to admins

By SC Australia Staff

Sep 30 2011 8:58AM

Affects versions up to 1.70

Multiple cross site scripting (XSS) vulnerabilities have been discovered in content management system Joomla!.

Joomla! XSS turns users to admins

The attacks require user login and allow users to impersonate administrator functions.

Three vulnerabilities affect core components of Joomla! version 1.70 and below and were found by the Burma-based YEHG hacking group.

The vulnerabilities were patched in Joomla! version 1.71.

One XSS vulnerability, which uses the searchword parameter, was previously reported to Joomla! but was not “completely” fixed, the hacking group said.

More information is available on the websites of YEGH and Joomla!

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

cms joomla security vulnerabilities xss

Partner Content

AI Supercharged: How Search is Powering the Future

Partner Content AI Supercharged: How Search is Powering the Future

Australian organisations must act on security – or risk AI ambitions falling flat

Partner Content Australian organisations must act on security – or risk AI ambitions falling flat

AI Copilot: Breaking Down Silos & Securing the Future

AI Copilot: Breaking Down Silos & Securing the Future

ElasticON Sydney 2025: Deriving value from your data with Search AI

Partner Content ElasticON Sydney 2025: Deriving value from your data with Search AI

Sponsored Whitepapers

See everything. Do more.

See everything. Do more.

Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Diamond IT Delivers GRC Transformation with Microsoft Purview

Diamond IT Delivers GRC Transformation with Microsoft Purview

Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks

Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks

Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Dave Stevens on Brennan's evolution and the need for Aussie tech unity

Dave Stevens on Brennan's evolution and the need for Aussie tech unity

Sydney's ITKnocks on contact centre AI and the slow death of the IVR

Sydney's ITKnocks on contact centre AI and the slow death of the IVR

"It's an exciting time to be part of the health and aged care sector"

"It's an exciting time to be part of the health and aged care sector"

Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security

Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security

Orro claims Australia first with managed digital asset discovery service

Orro claims Australia first with managed digital asset discovery service

Most popular tech stories