Missing token checks in com_postinstall cause CSRF vulnerabilities.
Joomla! CMS versions 3.7.0 - 3.9.18
Upgrade to version 3.9.19
The JSST at the Joomla! Security Centre....
Incorrect input validation of the module tag option in com_modules allows XSS attacks.
Joomla! CMS versions 3.0.0 - 3.9.18
Upgrade to version 3.9.19
The JSST at the Joomla! Security Centre....
The default settings of the global "textfilter" configuration don't block HTML inputs for 'Guest' users. With 3.9.19, the textfilter for new installations has been set to 'No HTML' for the groups 'Public', 'Guest' and 'Registered'.
Joomla! CMS versions 2.5.0 - 3.9.18
Upgrade to version 3.9.19
The JSST at the Joomla! Security Centre....
Lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS attacks.
Joomla! CMS versions 3.0.0 - 3.9.18
Upgrade to version 3.9.19
The JSST at the Joomla! Security Centre....
Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.
Joomla! CMS versions 2.5.0 - 3.9.16
Upgrade to version 3.9.17
The JSST at the Joomla! Security Centre....