Joomla! Cross-Site Scripting and Information Disclosure

SECUNIA ADVISORY ID:
SA35668

VERIFY ADVISORY:
http://secunia.com/advisories/35668/

DESCRIPTION:
Some vulnerabilities and a security issue have been reported in
Joomla!, which can be exploited by malicious people to conduct
cross-site scripting attacks or to disclose system information.

1) Input passed via the "HTTP_REFERER" is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in the
context of an affected site.

2) Input passed via the URL is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in the context of an
affected site.

3) A security issue exists due to certain files missing the check for
JEXEC, which can lead to the disclosure of path information.

The security issue and the vulnerabilities are reported in versions
prior to 1.5.12.
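
Added example (not part of the Secunia or vendor advisories): a Python audit for issue 3 that lists .php files in which code can run before a JEXEC check. It assumes the guard is written as defined('_JEXEC') or die, that entry points define the constant themselves, and that files open with the <?php tag; the sample tree and its file names are constructed.

```python
import os
import re
import tempfile

# Assumed guard form: defined('_JEXEC') or die('Restricted access');
GUARD = re.compile(r"""defined\s*\(\s*['"]_JEXEC['"]\s*\)\s*(or|\|\|)\s*(die|exit)\b""", re.I)
# Entry points (e.g. index.php) define the constant instead of checking it.
DEFINES = re.compile(r"""\bdefine\s*\(\s*['"]_JEXEC['"]""", re.I)
# Heuristic comment stripper; it does not parse PHP string literals.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

# Constructed sample tree (hypothetical file names and contents).
SAMPLE_TREE = {
    "index.php": "<?php\ndefine('_JEXEC', 1);\nrequire 'includes/framework.php';\n",
    "includes/framework.php": "<?php\n/** loader */\ndefined( '_JEXEC' ) or die( 'Restricted access' );\n",
    "templates/demo/helper.php": "<?php\n// no guard\n$doc = JFactory::getDocument();\n",
    "templates/demo/late.php": "<?php\n$doc = JFactory::getDocument();\ndefined('_JEXEC') or die;\n",
}

def missing_jexec_guard(source):
    """True if PHP code can run before a _JEXEC check (guard must come first)."""
    start = source.find("<?php")
    if start == -1:
        return False  # no PHP block, so nothing executes on direct request
    code = COMMENTS.sub("", source[start + 5:]).lstrip()
    if DEFINES.search(code):
        return False  # entry point
    return GUARD.match(code) is None

def audit(root):
    """Return sorted relative paths of .php files under root lacking the guard."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(".php")):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if missing_jexec_guard(fh.read()):
                    flagged.append(os.path.relpath(path, root))
    return sorted(flagged)

def demo():
    """Write SAMPLE_TREE to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE_TREE.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit(root)
```

Point audit() at a site's document root to get the list of files to review; a guard placed after other statements is reported as missing.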

SOLUTION:
Update to version 1.5.12.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Juan Galiana Lara (Internet Security
Auditors).
2) The vendor credits Paul Boekholt (Byte Internet).

ORIGINAL ADVISORY:
http://developer.joomla.org/security/news/298-20090604-core-frontend-xss-httpreferer-not-properly-filtered.html
http://developer.joomla.org/security/news/299-20090605-core-frontend-xss-phpself-not-properly-filtered.html
http://developer.joomla.org/security/news/300-20090606-core-missing-jexec-check.html