The Joomla! open source CMS has been updated after an error in random number generation when resetting passwords was found that could be exploited by an attacker to change a user's password. The 1.5.x versions, 1.6.x versions and 1.7.x versions are affected. Joomla! 1.5.25 and 1.7.3 have been released to address the issue described by the developers as "high-risk". Another security issue in version 1.7.x, involving inadequate filtering of an unspecified field, which could be used for cross site scripting (XSS) attacks has also been addressed.