Developer Network™ There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla! platform.
Where to Start
- Project: Joomla!
- SubProject: CMS
- Severity: High
- Versions: 1.7.3 - 3.7.2
- Exploit type: Information Disclosure
- Reported Date: 2016-Feb-05
- Fixed Date: 2017-July-04
- CVE Number: CVE-2017-9933
Description
Improper cache invalidation leads to disclosure of form contents.
Affected Installs
Joomla! CMS versions 1.7.3-3.7.2
Solution
Upgrade to version 3.7.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Severity: High
- Versions: 1.7.3 - 3.7.2
- Exploit type: XSS
- Reported Date: 2017-June-04
- Fixed Date: 2017-July-04
- CVE Number: CVE-2017-9934
Description
Missing CSRF token checks and improper input validation lead to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 1.7.3-3.7.2
Solution
Upgrade to version 3.7.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 1.5.0 through 3.7.2
- Exploit type: XSS
- Reported Date: 2017-June-22
- Fixed Date: 2017-July-04
- CVE Number: CVE-2017-7985
Description
Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.6.5
Solution
Upgrade to version 3.7.3
Contact
The JSST at the Joomla! Security Centre.