• Project: Joomla!
• SubProject: All
• Severity: Low
• Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
• Exploit type: XSS Vulnerability
• Reported Date: 2013-February-26
• Fixed Date: 2013-April-24
• CVE Number: CVE-2013-3059

Description

Inadequate filtering leads to XSS vulnerability in Voting plugin.

Affected Installs

Joomla! version 2.5.9

Version 12.2 ("Neil Armstrong") of the Joomla Platform was tagged and released on 21 September 2012. It is the second release of the 12.x series. Joomla Platform 12.2 was also included in the Joomla CMS 3.0 release. In addition to numerous bug fixes, it also brings new features, the main ones: 

• New (and generic) web application routers
• New password

• Project: Joomla!
• SubProject: All
• Severity: Low
• Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
• Exploit type: XSS Vulnerability
• Reported Date: 2013-February-15
• Fixed Date: 2013-April-24
• CVE Number: None

Description

Use of old version of Flash-based file uploader leads to XSS vulnerability.

Affected Installs

Joomla! version 2.5.9

• Project: Joomla!
• SubProject: All
• Severity: Low
• Versions: 3.0.0
• Exploit type: XSS Vulnerability
• Reported Date: 2012-October-01
• Fixed Date: 2012-October-09

Description

Typographical error leads to XSS vulnerability in language search component.

Affected Installs

Joomla! version 3.0.0.

Solution

Upgrade to version 3.0.1

Reported by Jeff Channell

Contact

The JSST at