In association with heise online

12 November 2008, 16:25

Joomla update eliminates vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The developers of the open source content management system Joomla have released version 1.5.8, which eliminates two vulnerabilities. Joomla's security announcements say an error in the defaults on com_content article submission allow the entry of dangerous HTML tags and JavaScripts. When an article is opened, the code is executed in the victim's browser. Only users with access level Author or higher are reported to be affected.

A similar error is also present in com_weblinks, allowing an attacker to write raw HTML into the title and description tags for weblink submissions. Joomla 1.5.x up to and including 1.5.8 is affected. Besides these vulnerabilities, the update also eliminates many errors that don't relate to security.

See Also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-738099
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit