Developer Network™ - Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 1.0.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-September-24
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7742
Description
A combination of specific webserver configurations, in connection with specific file types and browserside mime-type sniffing causes a XSS attack vector.
Affected Installs
Joomla! CMS versions 1.0.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: Hanno Böck
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-November-13
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7744
Description
Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Reported By: Antonin Steinhauser
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.1
- Exploit type: XSS
- Reported Date: 2018-December-05
- Fixed Date: 2019-January-15
- CVE Number: CVE-2019-6262
Description
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
Reported By: Mario Korth, Hackmanit