Joomla! Security News

    • Project: Joomla!
    • SubProject: CMS
    • Impact:Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.1
    • Exploit type: XSS
    • Reported Date: 2018-December-05
    • Fixed Date: 2019-January-15
    • CVE Number: CVE-2019-6262

    Description

    Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.1

    Solution

    Upgrade to version 3.9.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Mario Korth, Hackmanit
    • Project: Joomla!
    • SubProject: CMS
    • Impact:Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.1
    • Exploit type: XSS
    • Reported Date: 2018-November-29
    • Fixed Date: 2019-January-15
    • CVE Number: CVE-2019-6263

    Description

    Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.1

    Solution

    Upgrade to version 3.9.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Qualys WAF security team
    • Project: Joomla!
    • SubProject: CMS
    • Impact:Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.1
    • Exploit type: XSS
    • Reported Date: 2018-December-04
    • Fixed Date: 2019-January-15
    • CVE Number: CVE-2019-6261

    Description

    Inadequate escaping in com_contact leads to a stored XSS vulnerability

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.1

    Solution

    Upgrade to version 3.9.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Antonin Steinhauser
    • Project: Joomla!
    • SubProject: CMS
    • Impact:Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.1
    • Exploit type: XSS
    • Reported Date: 2018-December-01
    • Fixed Date: 2019-January-15
    • CVE Number: CVE-2019-6264

    Description

    Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.1

    Solution

    Upgrade to version 3.9.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Antonin Steinhauser
    • Project: Joomla!
    • SubProject: CMS
    • Impact:Moderate
    • Severity: Low
    • Versions: 2.5.0 through 3.8.12
    • Exploit type: CSRF
    • Reported Date: 2018-September-26
    • Fixed Date: 2018-October-02
    • CVE Number: CVE-2018-17858

    Description

    Added additional CSRF hardening in com_installer actions in the backend.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.8.12

    Solution

    Upgrade to version 3.8.13

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Raviraj A. Powar

Desideri maggiori informazioni sui nostri servizi Joomla! ?

Richiedi un preventivo gratuito!

Acquista il template AccessiblePro

Sei una ditta o un privato?  Richiedi tutte le informazioni per l'acquisto e un preventivo gratuito!

Sei una Pubblica Amministrazione? Richiedi tutte le informazioni per l'acquisto su MEPA e un preventivo gratuito!

Disponibile sul MEPA con codici JFAP-PRO-AUTUMN JFAP-PRO-BLUEBEIGE JFAP-PRO-BLUEMAROON JFAP-PRO-GREEN JFAP-PRO-REDBLUE