If you’re running Joomla on any of your websites be aware that there is a major security update available. This update will protect your site from a range of exploits discovered in the current verson of Joomla. From the security mailing list:
[20090302] – Core – com_content XSSPosted: 25 Mar 2009 10:08 AM PDT
Project: Joomla!
SubProject: com_content
Severity: Low
Versions: 1.5.9 and all previous 1.5 releases
Exploit type: XSS
Reported Date: 2009-March-12
Fixed Date: 2009-March-27
Description
A XSS vulnerability exists in the category view of com_content.
Affected Installs:
All 1.5.x installs prior to and including 1.5.9 are affected.
Solution:
Upgrade to latest Joomla! version (1.5.10 or newer).
Posted: 25 Mar 2009 10:02 AM PDT
Project: Joomla!
SubProject: Multiple
Severity: Moderate
Versions: 1.5.9 and all previous 1.5 releases
Exploit type: XSS and CSRV
Reported Date: 2009-February-15
Fixed Date: 2009-March-27
Description:
A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.
Affected Installs:
All 1.5.x installs prior to and including 1.5.9 are affected. The com_search XSS vulnerability requires that “Gather Search Statistics” be enabled to be exploitable (Disabled by default).
Solution: