The media manager does not correctly check the user's permissions before executing a file deletion command.
Joomla! CMS versions 4.0.0
Upgrade to version 4.0.1
The JSST at the Joomla! Security Centre....
Inadequate escaping in the imagelist view of com_media leads to an XSS vulnerability.
Joomla! CMS versions 3.0.0 - 3.9.27
Upgrade to version 3.9.28
The JSST at the Joomla! Security Centre....
Read more https://developer.joomla.org/security-centre/860-20210705-core-xss-in-com-media-imagelist.html
The install action in com_installer lacks the required hardcoded ACL checks for superusers, leading to various potential attack vectors. A default system is not affected because by default com_installer is already limited to super users.
Joomla! CMS versions 2.5.0 - 3.9.27
Upgrade to version 3.9.28
The JSST at the Joomla! Security Centre....
Various CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked.
Joomla! CMS versions 2.5.0 - 3.9.27
Upgrade to version 3.9.28
The JSST at the Joomla! Security Centre....
Missing validation of input could lead to a broken usergroups table.
Joomla! CMS versions 2.5.0 - 3.9.27
Upgrade to version 3.9.28
The JSST at the Joomla! Security Centre....