=====================================================================
                            CERT-Renater

                 Information Note No. 2013/VULN492
_____________________________________________________________________

DATE                 : 08/11/2013

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Joomla! versions 2.5.x, 3.x
                       prior to 2.5.16, 3.1.6, 3.2.

======================================================================
http://developer.joomla.org/security/570-core-xss-20131101.html
http://developer.joomla.org/security/571-core-xss-20131102.html
http://developer.joomla.org/security/572-core-xss-20131103.html
______________________________________________________________________

[20131101] Core XSS Vulnerability

Project: Joomla!
SubProject: All
Severity: High
Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-October-25
Fixed Date: 2013-November-06
CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact.

Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5
and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.16, 3.1.6 or 3.2.

Contact

The JSST at the Joomla! Security Center.
______________________________________________________________________

[20131102] Core XSS Vulnerability

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-October-06
Fixed Date: 2013-November-06
CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact,
com_weblinks, com_newsfeeds.

Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5
and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.16, 3.1.6 or 3.2.

Contact

The JSST at the Joomla! Security Center.
______________________________________________________________________

[20131103] Core XSS Vulnerability

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
Exploit type: XSS Vulnerability
Reported Date: 2013-October-26
Fixed Date: 2013-November-06
CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact.

Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5
and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.16, 3.1.6 or 3.2.

Contact

The JSST at the Joomla! Security Center.

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER        |  tel : 01-53-94-20-44            +
+ 23 - 25 Rue Daviel  |  fax : 01-53-94-20-41            +
+ 75013 Paris         |  email: cert@support.renater.fr  +
==========================================================