- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.0.0-3.9.11
- Exploit type: XSS
- Reported Date: 2019-August-28
- Fixed Date: 2019-September-24
- CVE Number: CVE-2019-16725
Description
Inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.11
Solution
Upgrade to version 3.9.12
Contact
The JSST at the Joomla! Security Centre....
- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 1.6.2 - 3.9.10
- Exploit type: Incorrect Access Control
- Reported Date: 2019-April-09
- Fixed Date: 2019-August-13
- CVE Number: CVE-2019-XXXXX
Description
Inadequate checks in com_contact could allowed mail submission in disabled forms.
Affected Installs
Joomla! CMS versions 1.6.2 - 3.9.10
Solution
Upgrade to version 3.9.11
Contact
The JSST at the Joomla! Security Centre....
- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.8.13 through 3.9.6
- Exploit type: Incorrect Access Control
- Reported Date: 2019-April-10
- Fixed Date: 2019-June-11
- CVE Number: CVE-2019-12764
Description
The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
Affected Installs
Joomla! CMS versions 3.8.13 through 3.9.6
Solution
Upgrade to version 3.9.7
Contact
The JSST at the Joomla! Security Centre....
- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.9.7 - 3.9.8
- Exploit type: Remote Code Execution
- Reported Date: 2019-June-20
- Fixed Date: 2019-July-09
- CVE Number: TBA
Description
Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
Affected Installs
Joomla! CMS versions 3.9.7 - 3.9.8
Solution
Upgrade to version 3.9.9
Contact
The JSST at the Joomla! Security Centre....
- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.6.0 through 3.9.6
- Exploit type: XSS
- Reported Date: 2019-January-01
- Fixed Date: 2019-June-11
- CVE Number: CVE-2019-12766
Description
The subform fieldtype does not sufficiently filter or validate input of subfields, this leads to XSS attack vectors.
Affected Installs
Joomla! CMS versions 3.6.0 through 3.9.6
Solution
Upgrade to version 3.9.7
Contact
The JSST at the Joomla! Security Centre....