Developer Network™ There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla! platform.
Where to Start
- Project: Joomla!
- SubProject: CMS
- Impact: Medium
- Severity: Low
- Versions: 3.0.0 through 3.8.7
- Exploit type: Session race condition
- Reported Date: 2017-July-08
- Fixed Date: 2018-May-22
- CVE Number: CVE-2018-11324
Description
A long running background process, such as remote checks for core or extension updates, could create a race condition where a session which was expected to be destroyed would be recreated.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.8.7
Solution
Upgrade to version 3.8.8
Additional Resources
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.7.0 through 3.8.7
- Exploit type: Remote Code Execution
- Reported Date: 2018-May-14
- Fixed Date: 2018-May-22
- CVE Number: CVE-2018-11321
Description
Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.8.7
Solution
Upgrade to version 3.8.8
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Versions: 3.0.0 through 3.8.7
- Exploit type:XSS
- Reported Date:2018-February-02 & 2018-March-27
- Fixed Date: 2018-May-22
- CVE Number: CVE-2018-11326
Description
Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.8.7
Solution
Upgrade to version 3.8.8
Additional Resources
Contact
The JSST at the Joomla! Security Centre.