Re: Fwd: XSS vulnerability in Joomla 1.6.3

[Kurt Seifried <kseifried () redhat com>]

On 11/21/2011 02:39 PM, Henri Salo wrote:
> On Mon, Nov 21, 2011 at 02:20:00PM -0700, Kurt Seifried wrote:
> > On 11/21/2011 11:01 AM, Henri Salo wrote:
> > > Can we get CVE-identifier assigned for this issue, thank you?
> > >
> > > Best regards,
> > > Henri Salo
> > >
> > > ----- Forwarded message from Netsparker Advisories <advisories () mavitunasecurity com> -----
> > >
> > > Date: Thu, 10 Nov 2011 16:32:12 +0200
> > > From: Netsparker Advisories <advisories () mavitunasecurity com>
> > > To: bugtraq () securityfocus com, full-disclosure () lists grok org uk
> > > Subject: [Full-disclosure] XSS vulnerability in Joomla 1.6.3
> > >
> > > Information
> > > --------------------
> > > Name :  XSS vulnerability in Joomla 1.6.3.
> > > Software :  All 1.6.x installs prior to and including 1.6.3 are affected.
> > > Vendor Hompeage :  http://www.joomla.org
> > > Vulnerability Type :  Cross-Site Scripting
> > > Severity :  High
> > > Researcher :  Mesut Timur <mesut [at] mavitunasecurity [dot] com>
> > > Advisory Reference :  NS-11-009
> > >
> > > Description
> > > ------------------
> > > Joomla is an award-winning content management system (CMS), which
> > > enables you to build Web sites and powerful online applications. Many
> > > aspects, including its ease-of-use and extensibility, have made Joomla
> > > the most popular Web site software available. Best of all, Joomla is
> > > an open source solution that is freely available to everyone.
> > >
> > > Details
> > > -------------------
> > > Joomla is affected by a XSS vulnerability in various administrator
> > > screens. All 1.6.x installs prior to and including 1.6.3 are affected.
> > > You can read the full article about Cross-Site Scripting
> > > vulnerabilities from here :
> > > http://www.mavitunasecurity.com/crosssite-scripting-xss/
> > >
> > > Solution
> > > -------------------
> > > Upgrade to the latest Joomla! version (1.6.4 or later).
> > >
> > > Credits
> > > -------------------
> > > It has been discovered on testing of Netsparker, Web Application
> > > Security Scanner - http://www.mavitunasecurity.com/netsparker/
> > >
> > > References
> > > -------------------
> > > 1. Vendor URL: http://developer.joomla.org/security/news/349-20110601-xss-vulnerabilities.html
> > > 2. MSL Advisory Link :
> > > http://www.mavitunasecurity.com/xss-vulnerability-in-joomla-163/
> > > 3. Netsparker Advisories :
> > > http://www.mavitunasecurity.com/netsparker-advisories/
> > >
> > > About Netsparker
> > > -------------------
> > > Netsparker® can find and report security issues such as SQL Injection
> > > and Cross-site Scripting (XSS) in all web applications regardless of
> > > the platform and the technology they are built on. Netsparker's unique
> > > detection and exploitation techniques allows it to be dead accurate in
> > > reporting hence it's the first and the only False Positive Free web
> > > application security scanner.
> > Can you confirm that this is a different issue from CVE-2011-2708 and
> > CVE-2011-3595?
> >
> > -- 
> >
> > -Kurt Seifried / Red Hat Security Response Team
> CVE-2011-2708 and CVE-2011-2710 are both about 20110701 XSS vulnerability: 
> http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html and I have already contacted MITRE 
> twice to get another one marked as obsolete.
>
> This new is about: 20110601 XSS Vulnerabilities: 
> http://developer.joomla.org/security/news/349-20110601-xss-vulnerabilities.html
>
> Sorry, but I don't know where to find SVN/GIT/CVS logs.
>
> Best regards,
> Henri Salo

Please use CVE-2011-4332 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team