The essential news about content management systems and mobile technology. Powered by Joocial, XT Search for Algolia, and SlimApps.

Details
Category: Security Announcements
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.2
  • Exploit type: XSS
  • Reported Date: 2018-November-13
  • Fixed Date: 2019-February-12
  • CVE Number: CVE-2019-7744

Description

Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.2

Solution

Upgrade to version 3.9.3

Contact

The JSST at the Joomla! Security Centre....

Reported By: Antonin Steinhauser

Read more

Details
Category: Security Announcements
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-December-05
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6262

Description

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre....

Reported By: Mario Korth, Hackmanit

Read more

Details
Category: Security Announcements
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-December-04
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6261

Description

Inadequate escaping in com_contact leads to a stored XSS vulnerability

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre....

Reported By: Antonin Steinhauser

Read more

Details
Category: Security Announcements
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-November-29
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6263

Description

Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre....

Reported By: Sébastien Poirier

Read more

Details
Category: Security Announcements
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-December-01
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6264

Description

Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre....

Reported By: Antonin Steinhauser

Read more

  1. [20181005] - Core - CSRF hardening in com_installer
  2. [20181002] - Core - Inadequate default access level for com_joomlaupdate
  3. [20181001] - Core - Hardening com_contact contact form
  4. [20180104] - Core - SQLi vulnerability in Hathor postinstall message

© 2021 Extly, CB - All rights reserved.