Joomla Security Notice :: Sept 25, 2019

Started by Jason, September 25, 2019, 06:42:22 PM

Jason

Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html

Quote:
[20190901] - Core - XSS in logo parameter of default templates
Posted: 24 Sep 2019 06:00 AM PDT
-> Project: Joomla!
-> SubProject: CMS
-> Impact: Moderate
-> Severity: Low
-> Versions: 3.0.0-3.9.11
-> Exploit type: XSS
-> Reported Date: 2019-August-28
-> Fixed Date: 2019-September-24
-> CVE Number: CVE-2019-16725

Description
Inadequate escaping allowed XSS attacks using the logo parameter of the default templates.

Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.11

Solution
Upgrade to version 3.9.12