Full Disclosure: Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability

Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability

From: YGN Ethical Hacker Group <lists () yehg net>
Date: Fri, 7 Jan 2011 17:31:53 +0800

Joomla! Security Team has confirmed that this issue will not be fixed.

While noted, your exploit report does not fall within the JSST remit as
we no longer support J1.0.x branch (as you are aware and indicate).
The vulnerability mentioned is not known to exist in any current supported release.
Please ensure you are using the latest version of Joomla!



The advisory has been updated with vendor's response:
http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.0.x~15%5D_cross_site_scripting

The CVE ID, CVE-2011-0005, has been assigned for it.

 ---------------------------------
 Best regards,
 YGN Ethical Hacker Group
 Yangon, Myanmar
 http://yehg.net
 Our Lab | http://yehg.net/lab
 Our Directory | http://yehg.net/hwd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Jan 05)
- Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Jan 07)
- Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Jan 13)
  - Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Jan 13)