|
Description
|
|
Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to disclose certain sensitive information and conduct cross-site scripting attacks.
1) Input passed via the "searchword" POST parameter to index.php (when "option" is set to "com_search" and "task" is set to "search") is not properly sanitised in the "redirect()" function in libraries/joomla/application/application.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.
This may be related to vulnerability #8 in:
SA45094
2) Input passed via the "extension" parameter to administrator/index.php (when "option" is set to "com_categories") and via the "asset" and "author" parameter to administrator/index.php (when "option" is set to "com_media") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Vulnerabilities #1 and #2 are reported in versions 1.6.x and 1.7.0.
3) Insufficient error checking can be exploited to disclose certain sensitive information.
This vulnerability is reported in version 1.7.0.
|
