George Argyros

**Name of the Vulnerable Software and Affected Versions** Joomla! core versions prior to 2.5.3 **Description** The issue allows for unauthorized password changes. **Recommendations** For versions prior to 2.5.3, update to version 2.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.17.x through 1.17.2 MediaWiki versions 1.18.x through 1.18.1 **Description** The issue allows remote attackers to change the passwords of arbitrary users due to the use of weak random numbers for password reset tokens. **Recommendations** For MediaWiki versions 1.17.x through 1.17.2, update to version 1.17.3 or later. For MediaWiki versions 1.18.x through 1.18.1, update to version 1.18.2 or later.

**Name of the Vulnerable Software and Affected Versions** Gallery 2 versions prior to 2.3.2 Gallery 3 versions prior to 3.0.3 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Gallery 2 versions prior to 2.3.2, update to version 2.3.2 or later. For Gallery 3 versions prior to 3.0.3, update to version 3.0.3 or later.