Joomla! Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA53202

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/53202/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=53202

RELEASE DATE:
2013-04-25
DESCRIPTION:
Multiple vulnerabilities have been reported in Joomla!, which can be
exploited by malicious users to bypass certain security restrictions
and by malicious people to conduct cross-site scripting attacks and
potentially cause a DoS (Denial of Service).

1) The application does not properly verify authorisation when
deleting private messages. This can be exploited to e.g. delete
otherwise inaccessible private messages.

2) The application does not properly verify authorisation when
viewing permissions. This can be exploited to e.g. disclose otherwise
inaccessible permission settings.

3) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.

4) Certain unspecified input related to the Flash-based file uploader
is not properly sanitised before being returned to the user. This can
be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

5) Certain unspecified input related to the Voting plugin is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

6) An unspecified error related to the "unserialize()" function can
be exploited to potentially cause a DoS (Denial of Service).

7) Certain unspecified input related to the Highlighter plugin is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 2.5.10 and
3.1.0.

SOLUTION:
Update to version 2.5.10 or 3.1.0.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1,2) Francois Gauthier
3) James Kettle
4) Reginaldo Silva
5) Yannick Gaultier and Jeff Channell
6) Egidio Romano
7) Vertical Pigeon

ORIGINAL ADVISORY:
http://www.joomla.org/announcements/release-news/5493-joomla-2-5-10-released.html
http://www.joomla.org/announcements/release-news/5494-joomla-3-1-0-stable-released.html
http://developer.joomla.org/security/84-20130401-core-privilege-escalation.html
http://developer.joomla.org/security/82-20130402-core-information-disclosure.html
http://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html
http://developer.joomla.org/security/83-20130404-core-xss-vulnerability.html
http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html
http://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html
http://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html