The 1.7.3 and the 1.5.25 versions are available for download

Nov 16, 2011 11:26 GMT

Previous versions of Joomla!, the popular open source CMS, contained flaws that could allow an attacker to change a user's password and even launch cross-site scripting attacks.

The 1.5.x, 1.6.x and 1.7.x variants were affected by security holes that could have presented real risks to users.

Joomla! 1.5.24 and earlier 1.5 versions used weak random number generation during the password reset process, which could have allowed a cybercriminal to change a user's password.

Besides this issue, 1.7.2 and all earlier 1.7.x and 1.6.x versions had an XSS vulnerability in the back end due to inadequate filtering.

The latest update also comes with fixes for more than 70 non-security-related bugs.

Joomla! 1.7.3 / 1.6.6 / 1.5.25 / 1.0.15 is available for download here