netenberg.com
September 09, 2010, 04:56:02 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News:
 
   Home   Help Search Login Register  
netenberg.com > Fantastico > Fantastico General (Moderator: kosmo) > Joomla Major Vulnerability in 1.5.x releases under 1.5.18
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Joomla Major Vulnerability in 1.5.x releases under 1.5.18  (Read 476 times)
davidb
Newbie
*
Posts: 1
« on: June 02, 2010, 01:22:13 AM »
Hey all,
Joomla 1.5.17 and older are effected by an XSS Vulnerability. The easiest thing to do is if you are using 1.5.17 already then just download the update package and upload the files over the top (as there are no major changes to joomla's DB).

Bellow is a copy of the reports from Joomla's site:

From http://www.joomla.org/announcements/release-news/5276-joomla-1518-released.html
Quote
Security
    * High Priority - Core - XSS Vulnerabilities in back end. More information »

From http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html
Quote
[20100501] - Core - XSS Vulnerabilities in Back End
Friday, 28 May 2010 00:00
    * Project: Joomla!
    * SubProject: All
    * Severity: High
    * Versions: 1.5.17 and all previous 1.5 releases
    * Exploit type: XSS Injection
    * Reported Date: 2010-May-13
    * Fixed Date: 2010-May-28

Description:
Back-end user can inject javascript in various administrator screens.
Affected Installs
All 1.5.x installs prior to and including 1.5.17 are affected.
Solution
Upgrade to the latest Joomla! version (1.5.18 or later)

Reported by Riyaz Ahemed

Can we please push to get this package updated if it hasn't been done already.
Thanks
Logged
Aric
He's just this guy, you know?
Administrator
Maestro
*****
Posts: 3560


Yeah, I do that...
« Reply #1 on: June 02, 2010, 03:52:14 AM »
Hi,

Thanks for the heads-up. I believe this is being worked on now.

Regards,

Aric
Logged
Before posting about Fantastico, please read the following two posts:
Common Problems FAQ
Information we need when you post
---
Now Shipping:
cPanel: A User's Guide
and:
WHM Administration Guide
davetanguay
Newbie
*
Posts: 2
« Reply #2 on: July 11, 2010, 06:05:02 PM »
Being worked on? Your last reply was over 1 month ago.

Please include Joomla 1.5.18 in Fantastico updates.
Logged
fabiosilva
Newbie
*
Posts: 1
« Reply #3 on: July 11, 2010, 07:28:17 PM »
PLEASE update joomla to latest version!

Less talk, more work!

Thank's!
Logged
fireman_biff
Newbie
*
Posts: 1
« Reply #4 on: July 19, 2010, 08:24:37 PM »
Since the last Fantastico release, Joomla has released versions 1.5.18, 1.5.19 and 1.5.20 which are all security releases.

Any word on when Fantastico will be brought up to date with regards to Joomla?
Logged
kili
Newbie
*
Posts: 4
« Reply #5 on: July 31, 2010, 12:14:37 PM »
Any news when Joomla will be upgraded to the latest version? The delays seem to be getting longer and longer.

Kili
Logged
Mahendra
Administrator
Maestro
*****
Posts: 1925
« Reply #6 on: July 31, 2010, 06:46:09 PM »
Fantastico already has Joomla 1.5.20 as of 9 days ago.

http://www.netenberg.com/forum/index.php?topic=7460.0
Logged
kili
Newbie
*
Posts: 4
« Reply #7 on: July 31, 2010, 07:46:56 PM »
I'm signed up for alerts from Netenberg. I haven't received an email advising of the upgrades. But thank you for the heads up I'll go and check fantastico

Kili
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!