Newsfeeds

Kit unghii gel profesional

[20210103] - Core - XSS in com_tags image parameters
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions:3.1.0 - 3.9.23
- Exploit type: XSS
- Reported Date: 2020-09-01
- Fixed Date: 2021-01-12
- CVE Number: CVE-2021-23125
Description

Lack of escaping of image-related parameters in multiple com_tags views cause lead to XSS attack vectors.

Affected Installs

Joomla! CMS versions 3.1.0 - 3.9.23

Solution

Upgrade to version 3.9.24

Contact

The JSST at the Joomla! Security Centre.

Reported By: Šarūnas Paulauskas
[20210102] - Core - XSS in mod_breadcrumbs aria-label attribute
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions:3.9.0 - 3.9.23
- Exploit type: XSS
- Reported Date: 2020-09-01
- Fixed Date: 2021-01-12
- CVE Number: CVE-2021-23124
Description

Lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.

Affected Installs

Joomla! CMS versions 3.9.0 - 3.9.23

Solution

Upgrade to version 3.9.24

Contact

The JSST at the Joomla! Security Centre.

Reported By: Šarūnas Paulauskas
[20210101] - Core - com_modules exposes module names
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions:3.0.0 - 3.9.23
- Exploit type: Incorrect Access Control
- Reported Date: 2020-07-07
- Fixed Date: 2021-01-12
- CVE Number: CVE-2021-23123
Description

Lack of ACL checks in the orderPosition endpoint of com_modules leak names of unpublished and/or inaccessible modules.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.23

Solution

Upgrade to version 3.9.24

Contact

The JSST at the Joomla! Security Centre.

Reported By: Phil Taylor
[20201107] - Core - Write ACL violation in multiple core views
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions:1.7.0 - 3.9.22
- Exploit type: ACL Violation
- Reported Date: 2018-11-04
- Fixed Date: 2020-11-24
- CVE Number: CVE-2020-35616
Description

Lack of input validation while handling ACL rulesets can cause write ACL violations.

Affected Installs

Joomla! CMS versions 1.7.0 - 3.9.22

Solution

Upgrade to version 3.9.23

Contact

The JSST at the Joomla! Security Centre.

Reported By: Elisa Foltyn, Benjamin Trenkle
[20201106] - Core - CSRF in com_privacy emailexport feature
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.9.0-3.9.22
- Exploit type: CSRF
- Reported Date: 2020-10-08
- Fixed Date: 2020-11-24
- CVE Number: CVE-2020-35615
Description

A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.

Affected Installs

Joomla! CMS versions 3.9.0 - 3.9.22

Solution

Upgrade to version 3.9.23

Contact

The JSST at the Joomla! Security Centre.

Reported By: Lee Thao from Viettel Cyber Security

Informaţii în completare

Newsflash

Joomla! 1.5 - 'Experience the Freedom'!. It has never been easier to create your own dynamic Web site. Manage all your content from the best CMS admin interface and in virtually any language you speak.

Format vizual pentru Joomla! 1.5

Căutare, vizualizare şi navigare

Main Menu

Key Concepts

Newsfeeds

Kit unghii gel profesional

Description

Affected Installs

Solution

Contact

Description

Affected Installs

Solution

Contact

Description

Affected Installs

Solution

Contact

Description

Affected Installs

Solution

Contact

Description

Affected Installs

Solution

Contact

Informaţii în completare

Newsflash