Joomla Security Notice :: September 24, 2014

Started by Jason, September 24, 2014, 07:03:38 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Jason

September 24, 2014, 07:03:38 PM
Joomla sent out a security notice today:

Quote
Joomla! Security News
________________________________________
[20140901] - Core - XSS Vulnerability
Posted: 23 Sep 2014 12:00 PM PDT
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
- Exploit type: XSS Vulnerability
- Reported Date: 2014-August-27
- Fixed Date: 2014-September-23
- CVE Number: CVE-2014-6631

Description
Inadequate escaping leads to XSS vulnerability in com_media.

Affected Installs
Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3

Solution
Upgrade to version 3.2.5 or 3.3.4

Contact
The JSST at the Joomla! Security Center.
Reported By: Dingjie (Daniel) Yang
Print
Go Up Pages1
User actions