(LiveHacking.Com) – A new version of the popular open source CMS Joomla has been released to fix a vulnerability in the random number generation used for resetting passwords. If exploited, the weakness could allow an attacker to change a user’s password and so gain access to their account.
Joomla! 1.5.25 and 1.7.3 have been released to fix the “high-risk” issue, which affects the 1.5.x, 1.6.x and 1.7.x versions. Joomla 1.7.3 also addresses a cross-site scripting vulnerability found in the 1.6 and 1.7 series. According to the security note, inadequate filtering leads to an XSS vulnerability in the back end. The Joomla team also used this update to fix more than 70 non-security-related bugs.
More details about the updates can be found in the 1.5.25 and 1.7.3 release announcements, as well as the Joomla! security advisories. Joomla! 1.5.25 and 1.7.3 are available to download from the project’s site.