- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Moderate
- Versions: 3.0.0 through 3.9.4
- Exploit type: XSS
- Reported Date: 2019-March-25
- Fixed Date: 2019-April-09
- CVE Number: TBA
Description
The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.9.4
Solution
Upgrade to version 3.9.5
Contact
The JSST at the Joomla! Security Centre....
- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.2.0 through 3.9.3
- Exploit type: XSS
- Reported Date: 2019-March-04
- Fixed Date: 2019-March-12
- CVE Number: CVE-2019-9712
Description
The JSON handler in com_config lacks input validation, leading to XSS vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.9.3
Solution
Upgrade to version 3.9.4
Contact
The JSST at the Joomla! Security Centre....
- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0 through 3.9.3
- Exploit type: XSS
- Reported Date: 2019-February-25
- Fixed Date: 2019-March-12
- CVE Number: CVE-2019-9714
Description
The media form field lacks escaping, leading to a XSS vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.9.3
Solution
Upgrade to version 3.9.4
Contact
The JSST at the Joomla! Security Centre....
- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0 through 3.9.3
- Exploit type: XSS
- Reported Date: 2019-February-25
- Fixed Date: 2019-March-12
- CVE Number: CVE-2019-9711
Description
The item_title layout in edit views lacks escaping, leading to a XSS vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.9.3
Solution
Upgrade to version 3.9.4
Contact
The JSST at the Joomla! Security Centre....
- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: High
- Versions: 3.8.0 through 3.9.3
- Exploit type: XSS
- Reported Date: 2019-February-28
- Fixed Date: 2019-March-12
- CVE Number: CVE-2019-9713
Description
The sample data plugins lack ACL checks, allowing unauthorized access.
Affected Installs
Joomla! CMS versions 3.8.0 through 3.9.3
Solution
Upgrade to version 3.9.4
Contact
The JSST at the Joomla! Security Centre....