Lack of escaping of image-related parameters in multiple com_tags views leads to XSS attack vectors.
Joomla! CMS versions 3.1.0 - 3.9.23
Upgrade to version 3.9.24
The JSST at the Joomla! Security Centre....
Lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
Joomla! CMS versions 3.9.0 - 3.9.23
Upgrade to version 3.9.24
The JSST at the Joomla! Security Centre....
Lack of ACL checks in the orderPosition endpoint of com_modules leaks names of unpublished and/or inaccessible modules.
Joomla! CMS versions 3.0.0 - 3.9.23
Upgrade to version 3.9.24
The JSST at the Joomla! Security Centre....
Lack of input validation while handling ACL rulesets can cause write ACL violations.
Joomla! CMS versions 1.7.0 - 3.9.22
Upgrade to version 3.9.23
The JSST at the Joomla! Security Centre....
A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
Joomla! CMS versions 3.9.0 - 3.9.22
Upgrade to version 3.9.23
The JSST at the Joomla! Security Centre....