Security Announcements

  1. [20190302] - Core - XSS in item_title layout
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0 through 3.9.3
    • Exploit type: XSS
    • Reported Date: 2019-February-25
    • Fixed Date: 2019-March-12
    • CVE Number: CVE-2019-9711

    Description

    The item_title layout in edit views lacks escaping, leading to an XSS vulnerability.

    Affected Installs

    Joomla! CMS versions 3.2.0 through 3.9.3

    Solution

    Upgrade to version 3.9.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Fouad Maakor
  2. [20190304] - Core - Missing ACL check in sample data plugins
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: High
    • Versions: 3.8.0 through 3.9.3
    • Exploit type: XSS
    • Reported Date: 2019-February-28
    • Fixed Date: 2019-March-12
    • CVE Number: CVE-2019-9713

    Description

    The sample data plugins lack ACL checks, allowing unauthorized access.

    Affected Installs

    Joomla! CMS versions 3.8.0 through 3.9.3

    Solution

    Upgrade to version 3.9.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Sven Hurt, Benjamin Trenkle
  3. [20190303] - Core - XSS in media form field
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0 through 3.9.3
    • Exploit type: XSS
    • Reported Date: 2019-February-25
    • Fixed Date: 2019-March-12
    • CVE Number: CVE-2019-9714

    Description

    The media form field lacks escaping, leading to an XSS vulnerability.

    Affected Installs

    Joomla! CMS versions 3.2.0 through 3.9.3

    Solution

    Upgrade to version 3.9.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Fouad Maakor
  4. [20190301] - Core - XSS in com_config JSON handler
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.2.0 through 3.9.3
    • Exploit type: XSS
    • Reported Date: 2019-March-04
    • Fixed Date: 2019-March-12
    • CVE Number: CVE-2019-9712

    Description

    The JSON handler in com_config lacks input validation, leading to an XSS vulnerability.

    Affected Installs

    Joomla! CMS versions 3.2.0 through 3.9.3

    Solution

    Upgrade to version 3.9.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Mario Korth, Hackmanit
  5. [20190206] - Core - Implement the TYPO3 PHAR stream wrapper
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.2
    • Exploit type: Object Injection
    • Reported Date: 2019-January-18
    • Fixed Date: 2019-February-12
    • CVE Number: CVE-2019-7743

    Description

    The phar:// stream wrapper can be used for object injection attacks. We now disallow usage of the phar:// handler for non-.phar files within the CMS globally by implementing the TYPO3 PHAR stream wrapper.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.2

    Solution

    Upgrade to version 3.9.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: David Jardin (JSST)
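
The extension rule described in announcement 5, sketched as an added example that is not code from Joomla! or from the TYPO3 PHAR stream wrapper: phar:// access is allowed only when the archive file itself ends in .phar. The function names `pharBaseName` and `isPharAccessAllowed` and the sample files are assumptions made for this illustration.

```php
<?php
// Added illustration: a simplified extension check, not the project's code.

/** Return the archive part of a phar:// URL (shortest leading path that is a file). */
function pharBaseName(string $url): ?string
{
    if (stripos($url, 'phar://') !== 0) {
        return null;
    }
    $parts = explode('/', str_replace('\\', '/', substr($url, 7)));
    $candidate = '';
    foreach ($parts as $i => $part) {
        $candidate .= ($i === 0 ? '' : '/') . $part;
        if ($candidate !== '' && is_file($candidate)) {
            return $candidate;
        }
    }
    return null;
}

/** Allow phar:// access only when the archive file itself ends in .phar. */
function isPharAccessAllowed(string $url): bool
{
    $base = pharBaseName($url);
    if ($base === null) {
        return false; // no archive file could be resolved: deny by default
    }
    return strtolower(pathinfo($base, PATHINFO_EXTENSION)) === 'phar';
}

// Constructed sample files: empty placeholders, only their names matter here.
$dir = sys_get_temp_dir() . '/phar-check-' . bin2hex(random_bytes(4));
mkdir($dir);
touch("$dir/tool.phar");
touch("$dir/avatar.jpg");

$samples = [
    "phar://$dir/tool.phar/src/run.php", // archive named *.phar
    "phar://$dir/avatar.jpg/anything",   // archive without the .phar extension
    "phar://$dir/missing.phar/x",        // archive file does not exist
];
foreach ($samples as $url) {
    printf("%-5s %s\n", isPharAccessAllowed($url) ? 'allow' : 'deny', $url);
}
unlink("$dir/tool.phar");
unlink("$dir/avatar.jpg");
rmdir($dir);
```

In a real wrapper this decision runs before any file operation on the phar:// path, so a rejected archive is never opened.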
