1. Skip to Menu
  2. Skip to Content
  3. Skip to Footer

    Security Announcements

    [20190206] - Core - Implement the TYPO3 PHAR stream wrapper

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.2
    • Exploit type: Object Injection
    • Reported Date: 2019-January-18
    • Fixed Date: 2019-February-12
    • CVE Number: CVE-2019-7743

    Description

    The phar:// stream wrapper can be used for objection injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the CMS globally by implementing the TYPO3 PHAR stream wrapper.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.2

    Solution

    Upgrade to version 3.9.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: David Jardin (JSST)

    [20190205] - Core - XSS Issue in core.js writeDynaList

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.2
    • Exploit type: XSS
    • Reported Date: 2018-October-07
    • Fixed Date: 2019-February-12
    • CVE Number: CVE-2019-7740

    Description

    Inadequate parameter handling in JS code could lead to an XSS attack vector.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.2

    Solution

    Upgrade to version 3.9.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Dimitris Grammatikogiannis

    [20190204] - Core - Stored XSS issue in the Global Configuration help url #2

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.2
    • Exploit type: XSS
    • Reported Date: 2019-January-16
    • Fixed Date: 2019-February-12
    • CVE Number: CVE-2019-7741

    Description

    Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.2

    Solution

    Upgrade to version 3.9.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Antonin Steinhauser

    [20190203] - Core - Additional warning in the Global Configuration textfilter settings

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.2
    • Exploit type: XSS
    • Reported Date: 2019-January-17
    • Fixed Date: 2019-February-12
    • CVE Number: CVE-2019-7739

    Description

    "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.2

    Solution

    Upgrade to version 3.9.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Raviraj Powar

    [20190202] - Core - Browserside mime-type sniffing causes XSS attack vectors

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 1.0.0 through 3.9.2
    • Exploit type: XSS
    • Reported Date: 2018-September-24
    • Fixed Date: 2019-February-12
    • CVE Number: CVE-2019-7742

    Description

    A combination of specific webserver configurations, in connection with specific file types and browserside mime-type sniffing causes a XSS attack vector.

    Affected Installs

    Joomla! CMS versions 1.0.0 through 3.9.2

    Solution

    Upgrade to version 3.9.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hanno Böck

    We have 43 guests and no members online

    Featured Resort discover Estrella Del Mar

    Image Lorem ipsum dolor sit amet, consecte adi elit. Phasellus magna ligula eges.
    Read More...

    Featured Industry we got the solution ready for you

    ImageLorem ipsum dolor sit amet, consecte adi elit. Phasellus magna ligula eges.
    Read More...

    Featured Scenery experience the sunset

    ImageLorem ipsum dolor sit amet, consecte adi elit. Phasellus magna ligula eges.
    Read More...

    Featured Place the municipal hall

    ImageLorem ipsum dolor sit amet, consecte adi elit. Phasellus magna ligula eges.
    Read More...