Two vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
1) Direct access to users' vCards via URL is not properly restricted. This can be exploited to retrieve users' vCards and gain access to their email addresses even when vCard access has been disabled.
2) A vulnerable version of TinyMCE is used by Joomla!.
Subject: Joomla! vCard Email Address Disclosure and TinyMCE Vulnerabilities