Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.
Joomla! CMS versions 2.5.0 - 3.9.15
Upgrade to version 3.9.16
The JSST at the Joomla! Security Centre....
Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.
Joomla! CMS versions 3.0.0 - 3.9.15
Upgrade to version 3.9.16
The JSST at the Joomla! Security Centre....
Missing token checks in the image actions of com_templates cause CSRF vulnerabilities.
Joomla! CMS versions 3.2.0 - 3.9.15
Upgrade to version 3.9.16
The JSST at the Joomla! Security Centre....
Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
Joomla! CMS versions 3.9.0 - 3.9.14
Upgrade to version 3.9.15
The JSST at the Joomla! Security Centre....
A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
Joomla! CMS versions 3.0.0 - 3.9.14
Upgrade to version 3.9.15
The JSST at the Joomla! Security Centre....