Vigil@nce - Joomla: multiple vulnerabilities
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in Joomla.
Impacted products: Joomla
Severity: 2/4
Creation date: 25/04/2013
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Joomla.

An attacker can delete private messages. [severity:2/4; BID-59490,
CVE-2013-3056]

An attacker can read access permissions. [severity:2/4; BID-59489,
CVE-2013-3057]

An attacker can trigger a Cross Site Scripting, in order to
execute JavaScript code in the context of the web site.
[severity:2/4; BID-59483, CVE-2013-3058]

An attacker can trigger a Cross Site Scripting via a Flash file
uploader, in order to execute JavaScript code in the context of
the web site. [severity:2/4; BID-59485]

An attacker can trigger a Cross Site Scripting in Voting, in order
to execute JavaScript code in the context of the web site.
[severity:2/4; BID-59484, CVE-2013-3059]

An attacker can unserialize an object, in order to trigger a
denial of service. [severity:2/4; BID-59487, CVE-2013-3242,
KIS-2013-04]

An attacker can trigger a Cross Site Scripting in highlighter, in
order to execute JavaScript code in the context of the web site.
[severity:2/4; BID-59486, CVE-2013-3267]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Joomla-multiple-vulnerabilities-12715