Description: Two vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
1) An error exists in restricting direct access to users' vCard via URL. This can be exploited to retrieve users' vCards and gain access to their email addresses even when vCard access has been disabled.
2) A vulnerable version of TinyMCE is used by Joomla!.
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.