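Vulnerability Details
Joomla! Multiple Cross-Site Scripting Vulnerabilities
- CNNVD ID: CNNVD-200904-210
- Severity: Medium
- CVE ID: CVE-2009-1279
- Vulnerability type: Cross-site scripting
- Published: 2009-04-09
- Threat type: Remote
- Updated: 2009-04-09
- Vendor: joomla
- Vulnerability source: Joomla
Vulnerability Summary
Joomla! versions 1.5 through 1.5.9 contain multiple cross-site scripting (XSS) vulnerabilities. Remote attackers can inject arbitrary web script or HTML via unspecified vectors. These unspecified vectors involve (1) the com_admin component, (2) the com_search component (when "Gather Search Statistics" is enabled), and (3) the category view in the com_content component.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links: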
Joomla Joomla 1.5.0 Beta
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
Joomla Joomla 1.5 RC3
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
Joomla Joomla 1.5 RC1
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
Joomla Joomla 1.5 Beta 2
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
Joomla Joomla 1.5 RC2
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
Joomla Joomla 1.5
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
Joomla Joomla 1.5.1
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
Joomla Joomla 1.5.2
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
Joomla Joomla 1.5.3
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
Joomla Joomla 1.5.4
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
Joomla Joomla 1.5.5
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
Joomla Joomla 1.5.6
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
Joomla Joomla 1.5.7
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
Joomla Joomla 1.5.8
Joomla_1.5.10-Stable-Full_Package.zip
http://joomlacode.org/gf/download/frsrelease/9910/37908/Joomla_1.5.10-Stable-Full_Package.zip
References
Source: BID
Name: 34360
Link: http://www.securityfocus.com/bid/34360
Source: XF
Name: admin-search-unspecified-xss(49655)
Link: http://xforce.iss.net/xforce/xfdb/49655
Source: XF
Name: content-categoryview-xss(49654)
Link: http://xforce.iss.net/xforce/xfdb/49654
Source: SECUNIA
Name: 34551
Link: http://secunia.com/advisories/34551
Source: developer.joomla.org
Link: http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.HTML
Source: developer.joomla.org
Link: http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.HTML
Affected Entities
- Joomla Joomla:1.5
- Joomla Joomla:1.5.9
- Joomla Joomla:1.5.8
- Joomla Joomla:1.5.7
- Joomla Joomla:1.5.5
Patches
None available