You are here

Joomla

[20170901] - Core - Information Disclosure

Joomla Security - Mar, 09/19/2017 - 16:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.7.0 through 3.7.5
  • Exploit type: Information Disclosure
  • Reported Date: 2017-August-4
  • Fixed Date: 2017-September-19
  • CVE Number: CVE-2017-14595
Description

A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.7.5

Solution

Upgrade to version 3.8.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Michal Prochaczek
Categorías: Joomla

[20170902] - Core - LDAP Information Disclosure

Joomla Security - Mar, 09/19/2017 - 16:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Medium
  • Versions: 1.5.0 through 3.7.5
  • Exploit type: Information Disclosure
  • Reported Date: 2017-July-27
  • Fixed Date: 2017-September-19
  • CVE Number: CVE-2017-14596
Description

Inadequate escaping in the LDAP authentication plugin can result into a disclosure of username and password.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.7.5

Solution

Upgrade to version 3.8.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Dr. Johannes Dahse, RIPS Technologies GmbH
Categorías: Joomla

[20170704] - Core - Installer: Lack of Ownership Verification

Joomla Security - Mar, 07/25/2017 - 02:00
  • Project: Joomla!
  • SubProject: CMS Installer
  • Severity: High
  • Versions: 1.0.0 through 3.7.3
  • Exploit type: Lack of Ownership Verification
  • Reported Date: 2017-Apr-06
  • Fixed Date: 2017-July-25
  • CVE Number: CVE-2017-11364
Description

The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.

Please note: Already installed sites are not affected, as this issue is limited to the installer application!

Affected Installs

Joomla! CMS versions 1.0.0 through 3.7.3

Solution

Upgrade to version 3.7.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hanno Böck
Categorías: Joomla

[20170705] - Core - XSS Vulnerability

Joomla Security - Mar, 07/25/2017 - 02:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.5.0 through 3.7.3
  • Exploit type: XSS
  • Reported Date: 2017-April-26
  • Fixed Date: 2017-July-25
  • CVE Number: CVE-2017-11612
Description

Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.7.3

Solution

Upgrade to version 3.7.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Beat B, JSST
Categorías: Joomla

[20170701] - Core - Information Disclosure

Joomla Security - Mar, 07/04/2017 - 14:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 1.7.3 - 3.7.2
  • Exploit type: Information Disclosure
  • Reported Date: 2016-Feb-05
  • Fixed Date: 2017-July-04
  • CVE Number: CVE-2017-9933
Description

Improper cache invalidation leads to disclosure of form contents.

Affected Installs

Joomla! CMS versions 1.7.3-3.7.2

Solution

Upgrade to version 3.7.3

Contact

The JSST at the Joomla! Security Centre.

Reported By: Jeff Channell
Categorías: Joomla

[20170702] - Core - XSS Vulnerability

Joomla Security - Mar, 07/04/2017 - 14:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 1.7.3 - 3.7.2
  • Exploit type: XSS
  • Reported Date: 2017-June-04
  • Fixed Date: 2017-July-04
  • CVE Number: CVE-2017-9934
Description

Missing CSRF token checks and improper input validation lead to an XSS vulnerability.

Affected Installs

Joomla! CMS versions 1.7.3-3.7.2

Solution

Upgrade to version 3.7.3

Contact

The JSST at the Joomla! Security Centre.

Reported By: Envo
Categorías: Joomla

[20170703] - Core - XSS Vulnerability

Joomla Security - Mar, 07/04/2017 - 14:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.5.0 through 3.6.5
  • Exploit type: XSS
  • Reported Date: 2017-June-22
  • Fixed Date: 2017-July-04
  • CVE Number: CVE-2017-7985
Description

Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.6.5

Solution

Upgrade to version 3.7.3

Contact

The JSST at the Joomla! Security Centre.

Reported By: Fortinet's FortiGuard Labs
Categorías: Joomla
Subscribe to Develop Site agregador: Joomla