The Joomla open source content management system has been updated to patch a flaw that could be exploited to change a user's password.
"The 1.5.x versions, 1.6.x versions and 1.7.x versions are affected," The H Security reports. "Joomla! 1.5.25 and 1.7.3 have been released to address the issue described by the developers as 'high-risk.'"
"Another security issue in version 1.7.x, involving inadequate filtering of an unspecified field, which could be used for cross site scripting (XSS) attacks has also been addressed," the article states.
Go to "Joomla! updates close security holes" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.