Developer Network™ There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla! platform.
Where to Start
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 1.6.0 through 3.6.5
- Exploit type: ACL Violation
- Reported Date: 2016-April-29
- Fixed Date: 2017-April-25
- CVE Number: CVE-2017-7988
Description
Inadequate filtering of form contents lead allow to overwrite the author of an article.
Affected Installs
Joomla! CMS versions 1.6.0 through 3.6.5
Solution
Upgrade to version 3.7.0
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.2.0 through 3.6.5
- Exploit type: XSS
- Reported Date: 2016-February-28
- Fixed Date: 2017-April-25
- CVE Number: CVE-2017-7987
Description
Inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.6.5
Solution
Upgrade to version 3.7.0
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 1.5.0 through 3.6.5
- Exploit type: XSS
- Reported Date: 2017-February-22
- Fixed Date: 2017-April-25
- CVE Number: CVE-2017-7986
Description
Inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.6.5
Solution
Upgrade to version 3.7.0
Contact
The JSST at the Joomla! Security Centre.