Newsfeeds
Security Announcements


  • [20190104] - Core - Stored XSS issue in the Global Configuration help url
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.1
    • Exploit type: XSS
    • Reported Date: 2018-December-05
    • Fixed Date: 2019-January-15
    • CVE Number: CVE-2019-6262

    Description

    Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.1

    Solution

    Upgrade to version 3.9.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Mario Korth, Hackmanit


  • [20190103] - Core - Stored XSS issue in the Global Configuration textfilter settings
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.1
    • Exploit type: XSS
    • Reported Date: 2018-November-29
    • Fixed Date: 2019-January-15
    • CVE Number: CVE-2019-6263

    Description

    Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.1

    Solution

    Upgrade to version 3.9.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Qualys WAF security team


  • [20190102] - Core - Stored XSS in com_contact
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.1
    • Exploit type: XSS
    • Reported Date: 2018-December-04
    • Fixed Date: 2019-January-15
    • CVE Number: CVE-2019-6261

    Description

    Inadequate escaping in com_contact leads to a stored XSS vulnerability

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.1

    Solution

    Upgrade to version 3.9.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Antonin Steinhauser


  • [20190101] - Core - Stored XSS in mod_banners
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.1
    • Exploit type: XSS
    • Reported Date: 2018-December-01
    • Fixed Date: 2019-January-15
    • CVE Number: CVE-2019-6264

    Description

    Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.1

    Solution

    Upgrade to version 3.9.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Antonin Steinhauser


  • [20181005] - Core - CSRF hardening in com_installer
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 2.5.0 through 3.8.12
    • Exploit type: CSRF
    • Reported Date: 2018-September-26
    • Fixed Date: 2018-October-02
    • CVE Number: CVE-2018-17858

    Description

    Added additional CSRF hardening in com_installer actions in the backend.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.8.12

    Solution

    Upgrade to version 3.8.13

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Raviraj A. Powar


Zen - Meeting your Business Broadband needs. Award-winning broadband, 1 month contract, Up to 20Mbps downstream, Premier Customer Service. Broadband from just £15.31 per month ex. VAT. Order Now. Award Winning Business Broadband from £15.31 per month ex. VAT. Order Now.