If you’re running Joomla on any of your websites, be aware that there is a major security update available. This update will protect your site from a range of exploits discovered in the current version of Joomla. From the security mailing list:

[20090302] – Core – com_content XSS
Posted: 25 Mar 2009 10:08 AM PDT
Project: Joomla!
SubProject: com_content
Severity: Low
Versions: 1.5.9 and all previous 1.5 releases
Exploit type: XSS
Reported Date: 2009-March-12
Fixed Date: 2009-March-27
Description:

An XSS vulnerability exists in the category view of com_content.

Affected Installs:

All 1.5.x installs prior to and including 1.5.9 are affected.

Solution:

Upgrade to latest Joomla! version (1.5.10 or newer).

[20090301] – Core – Multiple XSS/CSRF
Posted: 25 Mar 2009 10:02 AM PDT
Project: Joomla!
SubProject: Multiple
Severity: Moderate
Versions: 1.5.9 and all previous 1.5 releases
Exploit type: XSS and CSRF
Reported Date: 2009-February-15
Fixed Date: 2009-March-27
Description:

A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.

Affected Installs:

All 1.5.x installs prior to and including 1.5.9 are affected. The com_search XSS vulnerability requires that “Gather Search Statistics” be enabled to be exploitable (Disabled by default).

Solution:

Upgrade to latest Joomla! version (1.5.10 or newer).