Latest News

M365 portal buckling as demand for Copilot refunds soar

DVA trials ChatGPT-based tool with 300 staff

Microsoft launches 'superintelligence' team

In pictures: The 2025 iTnews Benchmark Security Awards winners

NAB hits milestone with tech role insourcing

Joomla! XSS turns users to admins

By SC Australia Staff

Sep 30 2011 8:58AM

Affects versions up to 1.70

Multiple cross site scripting (XSS) vulnerabilities have been discovered in content management system Joomla!.

Joomla! XSS turns users to admins

The attacks require user login and allow users to impersonate administrator functions.

Three vulnerabilities affect core components of Joomla! version 1.70 and below and were found by the Burma-based YEHG hacking group.

The vulnerabilities were patched in Joomla! version 1.71.

One XSS vulnerability, which uses the searchword parameter, was previously reported to Joomla! but was not “completely” fixed, the hacking group said.

More information is available on the websites of YEGH and Joomla!

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

cms joomla security vulnerabilities xss

Partner Content

Machine identity a key priority for organisations’ security strategies: CyberArk

Partner Content Machine identity a key priority for organisations’ security strategies: CyberArk

Logicalis APAC CIO Report: The CIO’s 2025 Mandate

Partner Content Logicalis APAC CIO Report: The CIO’s 2025 Mandate

ElasticON Sydney 2025: Deriving value from your data with Search AI

Partner Content ElasticON Sydney 2025: Deriving value from your data with Search AI

Transforming Australian Insurance Operations, Customer Service and Fraud Detection with AI and ML

Partner Content Transforming Australian Insurance Operations, Customer Service and Fraud Detection with AI and ML

Sponsored Whitepapers

2026 Engineering Reality Report

2026 Engineering Reality Report

How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets

How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets

Defend Your Network from the Next Generation of AI Threats

Defend Your Network from the Next Generation of AI Threats

Optus Enterprise Mobility

Optus Enterprise Mobility

Life After VMware: Scale Securely with mCloud by Micron21

Life After VMware: Scale Securely with mCloud by Micron21

Events

Most Read Articles

The BoM has finally tamed SSL

The BoM has finally tamed SSL

Tasmanian gov agencies impacted by cyber attack

Tasmanian gov agencies impacted by cyber attack

Australian chief at US defence contractor L3Harris sold exploits to Russia

Australian chief at US defence contractor L3Harris sold exploits to Russia

Vic gov agencies flying blind on server security, audit finds

Vic gov agencies flying blind on server security, audit finds

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories