Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Fri, 7 Jan 2011 17:31:53 +0800

Joomla! Security Team has confirmed that this issue will not be fixed.


While noted, your exploit report does not fall within the JSST remit as
we no longer support J1.0.x branch (as you are aware and indicate).
The vulnerability mentioned is not known to exist in any current supported release.
Please ensure you are using the latest version of Joomla!


The advisory has been updated with vendor's response:
http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.0.x~15%5D_cross_site_scripting

The CVE ID, CVE-2011-0005, has been assigned for it.

 ---------------------------------
 Best regards,
 YGN Ethical Hacker Group
 Yangon, Myanmar
 http://yehg.net
 Our Lab | http://yehg.net/lab
 Our Directory | http://yehg.net/hwd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]