Joomla has emailed a security announcement. If you use Joomla for your site, please check your version and upgrade accordingly.
The announcement is available on their site here:
https://developer.joomla.org/security-centre.html
Quote: Joomla! Security News
________________________________________
• [20190104] - Core - Stored XSS issue in the Global Configuration help url
• [20190103] - Core - Stored XSS issue in the Global Configuration textfilter settings
• [20190102] - Core - Stored XSS in com_contact
• [20190101] - Core - Stored XSS in mod_banners
[20190104] - Core - Stored XSS issue in the Global Configuration help url
Posted: 15 Jan 2019 06:45 AM PST
-- Project: Joomla!
-- SubProject: CMS
-- Impact: Low
-- Severity: Low
-- Versions: 2.5.0 through 3.9.1
-- Exploit type: XSS
-- Reported Date: 2018-December-05
-- Fixed Date: 2019-January-15
-- CVE Number: CVE-2019-6262
Description
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
Reported By: Mario Korth, Hackmanit
[20190103] - Core - Stored XSS issue in the Global Configuration textfilter settings
Posted: 15 Jan 2019 06:45 AM PST
-- Project: Joomla!
-- SubProject: CMS
-- Impact: Low
-- Severity: Low
-- Versions: 2.5.0 through 3.9.1
-- Exploit type: XSS
-- Reported Date: 2018-November-29
-- Fixed Date: 2019-January-15
-- CVE Number: CVE-2019-6263
Description
Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
Reported By: Sébastien Poirier
[20190102] - Core - Stored XSS in com_contact
Posted: 15 Jan 2019 06:45 AM PST
-- Project: Joomla!
-- SubProject: CMS
-- Impact: Low
-- Severity: Low
-- Versions: 2.5.0 through 3.9.1
-- Exploit type: XSS
-- Reported Date: 2018-December-04
-- Fixed Date: 2019-January-15
-- CVE Number: CVE-2019-6261
Description
Inadequate escaping in com_contact leads to a stored XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
Reported By: Antonin Steinhauser
[20190101] - Core - Stored XSS in mod_banners
Posted: 15 Jan 2019 06:45 AM PST
-- Project: Joomla!
-- SubProject: CMS
-- Impact: Low
-- Severity: Low
-- Versions: 2.5.0 through 3.9.1
-- Exploit type: XSS
-- Reported Date: 2018-December-01
-- Fixed Date: 2019-January-15
-- CVE Number: CVE-2019-6264
Description
Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
Reported By: Antonin Steinhauser