Joomla Third-Party Modules Multiple Vulnerabilities


Description   Multiple vulnerabilities have been identified in third-party modules for Joomla:
- Komento: stored cross-site scripting via the image upload feature in comments
- Jetext: local file inclusion via the "file" parameter of the "index.php?option=com_jetext&task=download" script page (CVE-2015-7324).

Proofs of concept are available.
     
Vulnerable Products   Vulnerable Software:
Joomla (OSM Development Team) -
     
Solution   Version 2.0.5 of the "Komento" plugin fixes the vulnerability affecting it.
     
CVE   CVE-2015-7324
     
References   - Full Disclosure : Komento Joomla! component Persistent XSS
http://seclists.org/fulldisclosure/2015/Oct/11
- 0day.today : Joomla jetext Local File Disclosure Vulnerability
http://0day.today/exploit/24360
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm: Directory traversal
Available Since: 3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2015-10-03 

 Target Type 
Server 

 Possible exploit 
Remote