16°C

Sarajevo

Wednesday
7°C / 26°C

News Feed Category

Joomla! Security News

  1. [20170704] - Core - Installer: Lack of Ownership Verification

    • Project: Joomla!
    • SubProject: CMS Installer
    • Severity: High
    • Versions: 1.0.0 through 3.7.3
    • Exploit type: Lack of Ownership Verification
    • Reported Date: 2017-Apr-06
    • Fixed Date: 2017-July-25
    • CVE Number: CVE-2017-11364

    Description

    The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.

    Please note: Already installed sites are not affected, as this issue is limited to the installer application!

    Affected Installs

    Joomla! CMS versions 1.0.0 through 3.7.3

    Solution

    Upgrade to version 3.7.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hanno Böck
  2. [20170705] - Core - XSS Vulnerability

    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 1.5.0 through 3.7.3
    • Exploit type: XSS
    • Reported Date: 2017-April-26
    • Fixed Date: 2017-July-25
    • CVE Number: CVE-2017-11612

    Description

    Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.7.3

    Solution

    Upgrade to version 3.7.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Beat B, JSST
  3. [20170701] - Core - Information Disclosure

    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 1.7.3 - 3.7.2
    • Exploit type: Information Disclosure
    • Reported Date: 2016-Feb-05
    • Fixed Date: 2017-July-04
    • CVE Number: CVE-2017-9933

    Description

    Improper cache invalidation leads to disclosure of form contents.

    Affected Installs

    Joomla! CMS versions 1.7.3-3.7.2

    Solution

    Upgrade to version 3.7.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Jeff Channell
  4. [20170702] - Core - XSS Vulnerability

    • Project: Joomla!
    • SubProject: CMS
    • Severity: High
    • Versions: 1.7.3 - 3.7.2
    • Exploit type: XSS
    • Reported Date: 2017-June-04
    • Fixed Date: 2017-July-04
    • CVE Number: CVE-2017-9934

    Description

    Missing CSRF token checks and improper input validation lead to an XSS vulnerability.

    Affected Installs

    Joomla! CMS versions 1.7.3-3.7.2

    Solution

    Upgrade to version 3.7.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Envo
  5. [20170703] - Core - XSS Vulnerability

    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 1.5.0 through 3.7.2
    • Exploit type: XSS
    • Reported Date: 2017-June-22
    • Fixed Date: 2017-July-04
    • CVE Number: CVE-2017-7985

    Description

    Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.6.5

    Solution

    Upgrade to version 3.7.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Fortinet's FortiGuard Labs
 
All for Joomla All for Webmasters