Colin Wong

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 1.7.x and 2.5.x before 2.5.2 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For Joomla! versions 1.7.x, update to a version outside of the affected range. For Joomla! versions 2.5.x before 2.5.2, update to version 2.5.2 or later.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 2.5.0 through 2.5.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions 2.5.0 and 2.5.1, update to a version that contains a fix for this issue.