The essential news about content management systems and mobile technology. Powered by Perfect Publisher and XT Search for Algolia.
The News Site publishes posts to the following channels: Facebook, Instagram, Twitter, Telegram, Web Push, Tumblr, and Blogger.
Inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
Joomla! CMS versions 3.0.0 - 3.9.11
Upgrade to version 3.9.12
The JSST at the Joomla! Security Centre....
Inadequate checks in com_contact could allowed mail submission in disabled forms.
Joomla! CMS versions 1.6.2 - 3.9.10
Upgrade to version 3.9.11
The JSST at the Joomla! Security Centre....
Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
Joomla! CMS versions 3.9.7 - 3.9.8
Upgrade to version 3.9.9
The JSST at the Joomla! Security Centre....
The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
Joomla! CMS versions 3.8.13 through 3.9.6
Upgrade to version 3.9.7
The JSST at the Joomla! Security Centre....
The subform fieldtype does not sufficiently filter or validate input of subfields, this leads to XSS attack vectors.
Joomla! CMS versions 3.6.0 through 3.9.6
Upgrade to version 3.9.7
The JSST at the Joomla! Security Centre....