Secunia.com reports that multiple vulnerabilities have been found in the Joomla! content management system:
Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks.
The issues are marked as "less critical", but users should still update to the latest version. The reported issues are:
- Certain unspecified input passed in com_search, com_content and mod_login is not properly sanitised before being returned to a user.
- Input passed to the "url" parameter is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers.
- An error exists in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.
See the original advisory post here.