=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2008/VULN508
_____________________________________________________________________

DATE                      : 12/11/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Joomla! versions 1.5.7 and
                                 all previous 1.5 releases.

======================================================================
http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html
http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html
______________________________________________________________________

 [20081102] - Core - com_weblinks XSS vulnerability
Monday, 10 November 2008 23:56

    * Project: Joomla!
    * SubProject: com_weblinks
    * Severity:moderate
    * Versions: 1.5.7 and all previous 1.5 releases
    * Exploit type: XSS
    * Reported Date: 2008-November-9
    * Fixed Date: 2008-November-10

Description

com_weblinks allows raw HTML into the title and description tags for
weblink submissions (from both the administrator and site submission forms).


Affected Installs

All 1.5.x installs prior to and including 1.5.7 are affected.


Solution

Upgrade to latest Joomla! version (1.5.8 or newer).

Reported By Gergo Erdosi

Contact

The JSST at the Joomla! Security Center.

________________________________________________________________________

 [20081101] - Core - com_content XSS vulnerability
Monday, 10 November 2008 23:51

    * Project: Joomla!
    * SubProject: com_content
    * Severity:moderate
    * Versions: 1.5.7 and all previous 1.5 releases
    * Exploit type: XSS
    * Reported Date: 2008-October-03
    * Fixed Date: 2008-November-10

Description

The defaults on com_content article submission allow entry of dangerous
HTML tags (script, etc).  This only affects users with access level Author
or higher, and only if you have not set filtering options in com_content
configuration.


Affected Installs

All 1.5.x installs prior to and including 1.5.7 are affected.


Solution

Upgrade to latest Joomla! version (1.5.8 or newer).

Reported By Johan Janssens

Contact

The JSST at the Joomla! Security Center.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================