• Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.2
  • Exploit type: XSS
  • Reported Date: 2018-November-13
  • Fixed Date: 2019-February-12
  • CVE Number: CVE-2019-7744

Description

Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.2

Solution

Upgrade to version 3.9.3

Contact

The JSST at the Joomla! Security Centre....

Reported By: Antonin Steinhauser

Read more

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-December-05
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6262

Description

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre....

Reported By: Mario Korth, Hackmanit

Read more

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-December-04
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6261

Description

Inadequate escaping in com_contact leads to a stored XSS vulnerability

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre....

Reported By: Antonin Steinhauser

Read more

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-November-29
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6263

Description

Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre....

Reported By: Sébastien Poirier

Read more

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-December-01
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6264

Description

Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre....

Reported By: Antonin Steinhauser

Read more

© 2021 Extly, CB - All rights reserved.