The Joomla! open source CMS has been updated after an error in random number generation when resetting passwords was found that could be exploited by an attacker to change a user's password. The 1.5.x versions, 1.6.x versions and 1.7.x versions are affected. Joomla! 1.5.25 and 1.7.3 have been released to address the issue described by the developers as "high-risk". Another security issue in version 1.7.x, involving inadequate filtering of an unspecified field, which could be used for cross site scripting (XSS) attacks has also been addressed.
November 15th, 2011, 10:54 AM
Joomla! updates close security holes
