Frontpage

Newsletter & Updates

I am totally relaxed!

Because I know Joomlamonitor is working for me. Whenever my website is down, I get an instant alert (and a copy goes to my web-host too!)
Do you wanna try?

Searching for files online? File search system - best decision. Seop for search engine optimization. Now you can build a website by yourself.

[20090604] - Core - Frontend XSS - HTTP_REFERER not properly filtered

Project: Joomla!
SubProject: Site client
Severity: Moderate
Versions: 1.5.11 and all previous 1.5 releases
Exploit type: XSS
Reported Date: 2009-June-30
Fixed Date: 2009-June-30

Description

An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed.

Affected Installs

All 1.5.x installs prior to and including 1.5.11 are affected.

Solution

Upgrade to latest Joomla! version (1.5.12 or newer).

Reported by Juan Galiana Lara (Internet Security Auditors)

Contact

The JSST at the Joomla! Security Center.

Read full...

Author:

< Prev		Next >

More Articles in This Category
[20100423] - Core - Negative Values for Limit and Offset [20100423] - Core - Installer Migration Script [20100501] - Core - XSS Vulnerabilities in Back End [20120201] - Core - Information Disclosure [20100704] - Core - XSS Vulnerabillitis in Back End	[20111002] - Core - Information Disclosure [20100703] - Core - XSS Vulnerabillitis in Back End [20111003] - Core - Information Disclosure [20100423] - Core - Installer Migration Script [20090302] - Core - com_content XSS