News Feed Category

Joomla! Security News

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.20
    • Exploit type: Open Redirect
    • Reported Date: 2020-July-05
    • Fixed Date: 2020-August-25
    • CVE Number: CVE-2020-24598

    Description

    Lack of input validation in com_content leads to an open redirect.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.20

    Solution

    Upgrade to version 3.9.21

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Ahmad Kamaran Jamil
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0-3.9.20
    • Exploit type: Directory Traversal
    • Reported Date: 2020-February-02
    • Fixed Date: 2020-August-25
    • CVE Number: CVE-2020-24597

    Description

    Lack of input validation allows com_media root paths outside of the webroot.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.20

    Solution

    Upgrade to version 3.9.21

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.9.0-3.9.20
    • Exploit type: XSS
    • Reported Date: 2020-August-21
    • Fixed Date: 2020-August-25
    • CVE Number: CVE-2020-24599

    Description

    Lack of escaping in mod_latestactions allows XSS attacks.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.20

    Solution

    Upgrade to version 3.9.21

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Peter Martin
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: Information Disclosure
    • Reported Date: 2020-Jun-17
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15698

    Description

    Inadequate filtering in the system information screen could expose redis or proxy credentials

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: XSS
    • Reported Date: 2020-Jun-08
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15696

    Description

    Lack of input filtering and escaping allows XSS attacks in mod_random_image

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor

Información de contacto

  • Dirección:

    Carretera a Paso Blanco #500 esq. calle Los Moreno

    Tepetates, Jesús María, Aguascalientes

  • Teléfono:

    Oficina - (449) 9736113

Menú

© 2018 Runa Calidad Certificada. Todos los derechos reservados. Powered By imacgina

Search