- Detalji os-a: MAC, LDE, FED, FBS, LGE, HPU, LMV, LRH, LSU, LUB, W03, W08, WN7, VIS
- Važnost: IMP
- Operativni sustavi: O
- Kategorije: APL, LDE, LFE, FBS, LGE, HPQ, LMV, LRH, LSU, ALL, LUB, W10, W03, W08, W12, WN7, WN8, VIS
Security Centre
///////////////////////////////////////////
[20150908] – Core – XSS Vulnerability
Posted: 08 Sep 2015 07:25 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/CARbJMNz3LY/626-20150908-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.4.0 through 3.4.3
Exploit type: XSS Vulnerability
Reported Date: 2015-August-18
Fixed Date: 2015-September-08
CVE Number: requested
Description
Inadequate escaping leads to XSS vulnerability in login module.
Affected Installs
Joomla! CMS versions 3.4.0 through 3.4.3
Solution
Upgrade to version 3.4.4
Contact
The JSST at the Joomla! Security Center.
Reported By: cfreer
—
You are subscribed to email updates from “Security Centre.”
To stop receiving these emails, you may unsubscribe now:
https://feedburner.google.com/fb/a/mailunsubscribe?k=klRMcgAuNv0B2qiOWTrkr13c6R0
Email delivery powered by Google.
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United
States
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html>
<head>
<META http-equiv=”Content-Type” content=”text/html; charset=UTF-8″>
<title>Security Centre</title>
</head>
<body>
<style type=”text/css”>
h1 a:hover {background-color:#888;color:#fff ! important;}
div#emailbody table#itemcontentlist tr td div ul {
list-style-type:square;
padding-left:1em;
}
div#emailbody table#itemcontentlist tr td div blockquote {
padding-left:6px;
border-left: 6px solid #dadada;
margin-left:1em;
}
div#emailbody table#itemcontentlist tr td div li {
margin-bottom:1em;
margin-left:1em;
}
table#itemcontentlist tr td a:link, table#itemcontentlist tr td a:visited, table#itemcontentlist tr td a:active, ul#summarylist li a {
color:#000099;
font-weight:bold;
text-decoration:none;
}
img {border:none;}
</style>
<div xmlns=”http://www.w3.org/1999/xhtml” id=”emailbody” style=”margin:0 2em;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”>
<table style=”border:0;padding:0;margin:0;width:100%”>
<tr>
<td style=”vertical-align:top” width=”99%”>
<h1 style=”margin:0;padding-bottom:6px;”>
<a style=”color:#888;font-size:22px;font-family:Arial, Helvetica, sans-serif;font-weight:normal;text-decoration:none;” href=”http://developer.joomla.org/security-centre.html” title=”(http://developer.joomla.org/security-centre.html)”>Joomla! Security News</a>
</h1>
</td>
<td width=”1%” />
</tr>
</table>
<hr style=”border:1px solid #ccc;padding:0;margin:0″ />
<table id=”itemcontentlist”>
<tr xmlns=””>
<td style=”margin-bottom:0;line-height:1.4em;”>
<p style=”margin:1em 0 3px 0;”>
<a name=”1″ style=”font-family:Arial, Helvetica, sans-serif;font-size:9px;” href=”http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/CARbJMNz3LY/626-20150908-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email”>[20150908] – Core – XSS Vulnerability</a>
</p>
<p style=”font-size:9px;color:#555;margin:9px 0 3px 0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;”>
<span>Posted:</span> 08 Sep 2015 07:25 PM PDT</p>
<div style=”margin:0;font-family:Arial, Helvetica, sans-serif;line-height:140%;font-size:9px;color:#000000;”><ul>
<li>Project: Joomla!</li>
<li>SubProject: CMS</li>
<li>Severity: <span class=”label label-warning”>Low</span></li>
<li>Versions: 3.4.0 through 3.4.3</li>
<li>Exploit type: XSS Vulnerability</li>
<li>Reported Date: 2015-August-18</li>
<li>Fixed Date: 2015-September-08</li>
<li>CVE Number: requested</li>
</ul>
<h3>Description</h3>
<p>Inadequate escaping leads to XSS vulnerability in login module.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 3.4.0 through 3.4.3</p>
<h3>Solution</h3>
<p>Upgrade to version 3.4.4</p>
<h3>Contact</h3>
<p>The JSST at the Joomla! Security Center.</p>
<div class=”alert alert-info”><strong>Reported By:</strong> cfreer</div><div class=”feedflare”>
<a href=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?a=CARbJMNz3LY:JuYag_yS-4A:yIl2AUoC8zA”><img src=”http://feeds.feedburner.com/~ff/JoomlaSecurityNews?d=yIl2AUoC8zA” border=”0″></img></a>
</div><img src=”http://feeds.feedburner.com/~r/JoomlaSecurityNews/~4/CARbJMNz3LY?utm_source=feedburner&utm_medium=email” height=”1″ width=”1″ alt=””/></div>
</td>
</tr>
</table>
<table style=”border-top:1px solid #999;padding-top:4px;margin-top:1.5em;width:100%” id=”footer”>
<tr>
<td style=”text-align:left;font-family:Helvetica,Arial,Sans-Serif;font-size:11px;margin:0 6px 1.2em 0;color:#333;”>You are subscribed to email updates from <a href=”http://developer.joomla.org/security-centre.html”>Security Centre</a>.<br />To stop receiving these emails, you may <a href=”https://feedburner.google.com/fb/a/mailunsubscribe?k=klRMcgAuNv0B2qiOWTrkr13c6R0″>unsubscribe now</a>.</td>
<td style=”font-family:Helvetica,Arial,Sans-Serif;font-size:11px;margin:0 6px 1.2em 0;color:#333;text-align:right;vertical-align:top”>Email delivery powered by Google</td>
</tr>
<tr>
<td colspan=”2″ style=”text-align:left;font-family:Helvetica,Arial,Sans-Serif;font-size:11px;margin:0 6px 1.2em 0;color:#333;”>Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States</td>
</tr>
</table>
</div>
</body>
</html>
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2015-09-0022-ADV |
| ID izvornika | 20150908 |
| Proizvod | Joomla! |
| Izvor | http://www.joomla.org/ |
