Latest News

RACQ progresses digital transformation with expanded Adobe stack

Anthropic's Mythos model found vulnerabilities in classified US gov systems

OAIC sweep unearths health sites' covert user tracking

Westpac taps Macquarie BFS' CIO as its new IT leader

Digital sovereignty is no longer optional - Agentic AI has made it fundamental

Joomla! XSS turns users to admins

By SC Australia Staff

Sep 30 2011 8:58AM

Affects versions up to 1.70

Multiple cross site scripting (XSS) vulnerabilities have been discovered in content management system Joomla!.

Joomla! XSS turns users to admins

The attacks require user login and allow users to impersonate administrator functions.

Three vulnerabilities affect core components of Joomla! version 1.70 and below and were found by the Burma-based YEHG hacking group.

The vulnerabilities were patched in Joomla! version 1.71.

One XSS vulnerability, which uses the searchword parameter, was previously reported to Joomla! but was not “completely” fixed, the hacking group said.

More information is available on the websites of YEGH and Joomla!

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

cms joomla security vulnerabilities xss

Partner Content

You meet the security standard. Shame no one can see it

Promoted Content You meet the security standard. Shame no one can see it

Why resilient communications are becoming critical infrastructure for modern enterprise IT

Promoted Content Why resilient communications are becoming critical infrastructure for modern enterprise IT

Scalable AI solutions: secure delivery

Scalable AI solutions: secure delivery

AI agents are reshaping identity governance, and attackers are already exploiting the gap

Partner Content AI agents are reshaping identity governance, and attackers are already exploiting the gap

Sponsored Whitepapers

Cloud Covered Report: New Zealand

Cloud Covered Report: New Zealand

How healthcare organisations can get more value from cloud

How healthcare organisations can get more value from cloud

The governed agent: A new framework for responsible AI at scale

The governed agent: A new framework for responsible AI at scale

Securing Machinery of Government changes

Securing Machinery of Government changes

Identity: The fabric of enterprise defense

Identity: The fabric of enterprise defense

Events

Most Read Articles

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years

ASD draws a hard line on developers lacking security skills

ASD draws a hard line on developers lacking security skills

Fake IT worker threat spreads outside tech sector in Australia

Fake IT worker threat spreads outside tech sector in Australia

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories