==================================================================== CERT-Renater Note d'Information No. 2012/VULN374 ____________________________________________________________________ DATE : 24/09/2012 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S) : Systems running Joomla 2.5.x versions prior to 2.5.7. ====================================================================== http://developer.joomla.org/security/news/539-20120901-core-xss-vulnerability ______________________________________________________________________ Security News [20120901] - Core - XSS Vulnerability Project: Joomla! SubProject: All Severity: Low Versions: 2.5.6 and all earlier 2.5.x versions Exploit type: XSS Vulnerability Reported Date: 2012-April-30 Fixed Date: 2012-September-13 Description Inadequate escaping of output leads to XSS vulnerability. Affected Installs Joomla! versions 2.5.6 and all earlier 2.5.x versions Solution Upgrade to version 2.5.7 Reported by Janek Vind and Antoine Cervoise Contact The JSST at the Joomla! Security Center. ______________________________________________________________________ [20120901] - Core - XSS Vulnerability Project: Joomla! SubProject: All Severity: Low Versions: 2.5.6 and all earlier 2.5.x versions Exploit type: XSS Vulnerability Reported Date: 2012-April-30 Fixed Date: 2012-September-13 Description Inadequate escaping of output leads to XSS vulnerability. Affected Installs Joomla! versions 2.5.6 and all earlier 2.5.x versions Solution Upgrade to version 2.5.7 Reported by Janek Vind and Antoine Cervoise Contact The JSST at the Joomla! Security Center. ====================================================================== ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================