Joomla Security Notice :: July 5, 2017

Started by Jason, July 07, 2017, 06:21:42 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Jason

July 07, 2017, 06:21:42 PM
Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html


QuoteJoomla! Security News

________________________________________
•    [20170701] - Core - Information Disclosure
•    [20170702] - Core - XSS Vulnerability
•    [20170703] - Core - XSS Vulnerability
[20170701] - Core - Information Disclosure
Posted: 04 Jul 2017 05:00 AM PDT
-  Project: Joomla!
-  SubProject: CMS
-  Severity: High
-  Versions: 1.7.3 - 3.7.2
-  Exploit type: Information Disclosure
-  Reported Date: 2016-Feb-05
-  Fixed Date: 2017-July-04
-  CVE Number: CVE-2017-9933
Description
Improper cache invalidation leads to disclosure of form contents.
Affected Installs
Joomla! CMS versions 1.7.3-3.7.2
Solution
Upgrade to version 3.7.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: Jeff Channell
 
 

[20170702] - Core - XSS Vulnerability
Posted: 04 Jul 2017 05:00 AM PDT
-  Project: Joomla!
-  SubProject: CMS
-  Severity: High
-  Versions: 1.7.3 - 3.7.2
-  Exploit type: XSS
-  Reported Date: 2017-June-04
-  Fixed Date: 2017-July-04
-  CVE Number: CVE-2017-9934
Description
Missing CSRF token checks and improper input validation lead to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 1.7.3-3.7.2
Solution
Upgrade to version 3.7.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: Envo
 
 

[20170703] - Core - XSS Vulnerability
Posted: 04 Jul 2017 05:00 AM PDT
-  Project: Joomla!
-  SubProject: CMS
-  Severity: Low
-  Versions: 1.5.0 through 3.7.2
-  Exploit type: XSS
-  Reported Date: 2017-June-22
-  Fixed Date: 2017-July-04
-  CVE Number: CVE-2017-7985
Description
Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.6.5
Solution
Upgrade to version 3.7.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: Fortinet's FortiGuard Labs
Print
Go Up Pages1
User actions