VuXML: Joomla! -- XXS and DDoS vulnerabilities

VuXML ID	57df803e-af34-11e2-8d62-6cf0490a8c18
Discovery	2013-04-24
Entry	2013-04-27

The JSST and the Joomla! Security Center report:

[20130405] - Core - XSS Vulnerability

Inadequate filtering leads to XSS vulnerability in Voting plugin.

[source]

[20130403] - Core - XSS Vulnerability

Inadequate filtering allows possibility of XSS exploit in some circumstances.

[source]

[20130402] - Core - Information Disclosure

Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.

[source]

[20130404] - Core - XSS Vulnerability

Use of old version of Flash-based file uploader leads to XSS vulnerability.

[source]

[20130401] - Core - Privilege Escalation

Inadequate permission checking allows unauthorised user to delete private messages.

[source]

[20130406] - Core - DOS Vulnerability

Object unserialize method leads to possible denial of service vulnerability.

[source]

[20130407] - Core - XSS Vulnerability

Inadequate filtering leads to XSS vulnerability in highlighter plugin

[source]

CVE Name	CVE-2013-3056
CVE Name	CVE-2013-3057
CVE Name	CVE-2013-3058
CVE Name	CVE-2013-3059
CVE Name	CVE-2013-3242
CVE Name	CVE-2013-3267
URL	http://developer.joomla.org/security/83-20130404-core-xss-vulnerability.html

Joomla! -- XXS and DDoS vulnerabilities

Details

[20130405] - Core - XSS Vulnerability

[20130403] - Core - XSS Vulnerability

[20130402] - Core - Information Disclosure

[20130404] - Core - XSS Vulnerability

[20130401] - Core - Privilege Escalation

[20130406] - Core - DOS Vulnerability

[20130407] - Core - XSS Vulnerability

References