=====================================================================
CERT-Renater Information Note No. 2009/VULN216
_____________________________________________________________________
DATE                 : 04/06/2009
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running Joomla! versions 1.5.x.
======================================================================
http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html
http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html
http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html
______________________________________________________________________

[20090603] - Core - Frontend XSS

Posted: Wed, 03 Jun 2009 05:56:53 +0000

* Project: Joomla!
* SubProject: Site client
* Severity: Low
* Versions: 1.5.10 and all previous 1.5 releases
* Exploit type: XSS
* Reported Date: 2009-May-05
* Fixed Date: 2009-June-02

Description
Some values were output from the database without being properly escaped. Most of the strings in question were sourced from the administrator panel.

Affected Installs
All 1.5.x installs prior to and including 1.5.10 are affected.

Solution
Upgrade to the latest Joomla! version (1.5.11 or newer).

Contact
The JSST at the Joomla! Security Center.
______________________________________________________________

[20090602] - Core - ja_purity XSS

Posted: Wed, 03 Jun 2009 05:56:42 +0000

* Project: Joomla!
* SubProject: ja_purity
* Severity: Moderate
* Versions: 1.5.10 and all previous 1.5 releases
* Exploit type: XSS
* Reported Date: 2009-April-06
* Fixed Date: 2009-June-02

Description
An XSS vulnerability exists in the JA_Purity template which ships with Joomla! 1.5.

Affected Installs
All 1.5.x installs prior to and including 1.5.10 are affected.

Solution
Upgrade to the latest Joomla! version (1.5.11 or newer).

Reported by Juan Galiana Lara.

Contact
The JSST at the Joomla! Security Center.
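The defect class behind all three advisories is the same: a string stored in the database is written into an HTML page without being encoded for that context. The PHP snippet below is an added example and is not Joomla! code; the `$row` value, the function names and the output contexts are constructed for the illustration. It shows the unsafe pattern beside the corrected one, using PHP's standard `htmlspecialchars`.

```php
<?php
// Added example, not Joomla! code: escaping database-sourced strings on output.
// Constructed sample row, standing in for a record read from the database.
$row = ['title' => '<script>alert(1)</script>Welcome'];

// Unsafe: the stored string is written into the page verbatim, so any markup
// it contains becomes part of the document. This is the defect class the
// advisories describe (values "output from the database without being
// properly escaped").
function render_unsafe(string $value): string {
    return "<h1>" . $value . "</h1>";
}

// Safe: encode for the HTML context before output. ENT_QUOTES also encodes
// single quotes, so the same helper is usable inside quoted attributes.
function esc(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Element content context.
function render_safe(string $value): string {
    return "<h1>" . esc($value) . "</h1>";
}

// Attribute context: the value must be both quoted and escaped.
function render_attr(string $value): string {
    return '<input type="text" name="title" value="' . esc($value) . '">';
}

echo render_unsafe($row['title']), PHP_EOL;
// <h1><script>alert(1)</script>Welcome</h1>   (script executes in the browser)
echo render_safe($row['title']), PHP_EOL;
// <h1>&lt;script&gt;alert(1)&lt;/script&gt;Welcome</h1>   (rendered as text)
echo render_attr($row['title']), PHP_EOL;
// <input type="text" name="title" value="&lt;script&gt;...">
```

The practical check for a code base like the ones named above is to grep for direct `echo`/interpolation of values read from the database or from request parameters and to confirm each is routed through a context-appropriate encoder; that a string originates from the administrator panel (as the first advisory notes) does not make it trusted, since any account with that access, or any stored content imported from elsewhere, can supply it.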
_________________________________________________________

[20090601] - Core - com_users XSS

Posted: Wed, 03 Jun 2009 05:56:25 +0000

* Project: Joomla!
* SubProject: com_users
* Severity: Moderate
* Versions: 1.5.10 and all previous 1.5 releases
* Exploit type: XSS
* Reported Date: 2009-April-30
* Fixed Date: 2009-June-02

Description
An XSS vulnerability exists in the user view of com_users in the administrator panel.

Affected Installs
All 1.5.x installs prior to and including 1.5.10 are affected.

Solution
Upgrade to the latest Joomla! version (1.5.11 or newer).

Reported by Airton Torres.

Contact
The JSST at the Joomla! Security Center.
======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER            | tel : 01-53-94-20-44       +
+ 151 bd de l'Hopital     | fax : 01-53-94-20-41       +
+ 75013 Paris             | email: certsvp@renater.fr  +
=========================================================