Joomla

[20160802] - Core - XSS Vulnerability

Joomla Security - Thu, 08/04/2016 - 04:20
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.6.0 through 3.6.0
  • Exploit type: XSS Vulnerability
  • Reported Date: 2016-February-05
  • Fixed Date: 2016-August-03
  • CVE Number: Requested

Description

Inadequate escaping leads to an XSS vulnerability in the mail component.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.6.0

Solution

Upgrade to version 3.6.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: Dingjie (Daniel) Yang
Categories: Joomla

[20160801] - Core - ACL Violation

Joomla Security - Wed, 08/03/2016 - 05:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.6.0 through 3.6.0
  • Exploit type: ACL Violation
  • Reported Date: 2016-April-29
  • Fixed Date: 2016-August-03
  • CVE Numbers: requested

Description

Inadequate ACL checks in com_content provide potential read access to data that should be restricted to users with the edit_own level.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.6.0

Solution

Upgrade to version 3.6.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: T-Systems Multimedia Solutions
Categories: Joomla

[20160803] - Core - CSRF

Joomla Security - Wed, 08/03/2016 - 05:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Medium
  • Versions: 3.6.0
  • Exploit type: CSRF
  • Reported Date: 2016-July-19
  • Fixed Date: 2016-August-03
  • CVE Numbers: requested

Description

Add additional CSRF hardening in com_joomlaupdate.

Affected Installs

Joomla! CMS version 3.6.0

Solution

Upgrade to version 3.6.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: Calum Hutton
Categories: Joomla