This feed provides announcements of resolved security issues in Joomla! software releases.
For more information about the Joomla! Security Strike Team (JSST) and its processes, please review our Security article.
To report potential security issues, please follow the guidelines in the above referenced article. Please note that we are only able to provide support for the Joomla! CMS, Joomla! Framework, and *.joomla.org network of websites.
You can subscribe to notifications from this feed through a RSS reader.
Browser information is not filtered properly while saving the session values which leads to a Remote Code Execution vulnerability.
Joomla! Framework Session package versions 1.0.0 through 1.3.0
Upgrade to version 1.3.1
The JSST at the Joomla! Security Centre.
Add additional CSRF hardening in com_templates.
Joomla! CMS versions 3.2.0 through 3.4.5
Upgrade to version 3.4.6
The JSST at the Joomla! Security Centre.
Failure to properly sanitise input data from the XML install file located within an extension's package archive allows for directory traversal.
Joomla! CMS versions 3.4.0 through 3.4.5
Upgrade to version 3.4.6
The JSST at the Joomla! Security Centre.
Inadequate filtering of request data leads to a Directory Traversal vulnerability.
Joomla! CMS versions 3.2.0 through 3.4.5
Upgrade to version 3.4.6
The JSST at the Joomla! Security Centre.
Inadequate filtering of request data leads to a SQL Injection vulnerability.
Joomla! CMS versions 3.2.0 through 3.4.4
Upgrade to version 3.4.5
The JSST at the Joomla! Security Centre.
Inadequate ACL checks in com_contenthistory provide potential read access to data which should be access restricted.
Joomla! CMS versions 3.2.0 through 3.4.4
Upgrade to version 3.4.5
The JSST at the Joomla! Security Centre.
Inadequate escaping leads to XSS vulnerability in login module.
Joomla! CMS versions 3.4.0 through 3.4.3
Upgrade to version 3.4.4
The JSST at the Joomla! Security Centre.
Lack of CSRF checks potentially enabled uploading malicious code.
Joomla! CMS versions 3.2.0 through 3.4.1
Upgrade to version 3.4.2
The JSST at the Joomla! Security Centre.
Inadequate checking of the return value allowed to redirect to an external page.
Joomla! CMS versions 3.0.0 through 3.4.1
Upgrade to version 3.4.2
The JSST at the Joomla! Security Centre.
Inadequate checking allowed the potential for a denial of service attack.
Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Upgrade to version 2.5.26, 3.2.6, or 3.3.5
The JSST at the Joomla! Security Centre.
Inadequate checking allowed the potential for remote files to be executed.
Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Please refer to AkeebaBackup.com for additional details.
The JSST at the Joomla! Security Centre.
Inadequate checking allowed unauthorised logins via LDAP authentication.
Joomla! CMS versions 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
Upgrade to version 2.5.25, 3.2.5, or 3.3.4
The JSST at the Joomla! Security Centre.
Inadequate escaping leads to XSS vulnerability in com_media.
Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3
Upgrade to version 3.2.5 or 3.3.4
The JSST at the Joomla! Security Centre.
Inadequate escaping leads to SQL injection vulnerability.
Joomla! CMS versions 3.1.0 through 3.2.2
Upgrade to version 3.2.3
The JSST at the Joomla! Security Centre.
Inadequate escaping leads to XSS vulnerability in com_contact.
Joomla! CMS versions 3.1.2 through 3.2.2
Upgrade to version 3.2.3
The JSST at the Joomla! Security Centre.
Inadequate escaping leads to XSS vulnerability.
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Upgrade to version 2.5.19 or 3.2.3
The JSST at the Joomla! Security Centre.
Inadequate checking allowed unauthorised logins via GMail authentication.
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Upgrade to version 2.5.19 or 3.2.3
The JSST at the Joomla! Security Centre.
Inadequate filtering leads to XSS vulnerability in com_contact.
Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.
Upgrade to version 2.5.16, 3.1.6 or 3.2.
The JSST at the Joomla! Security Centre.
Inadequate filtering leads to XSS vulnerability in com_contact, com_weblinks, com_newsfeeds.
Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.
Upgrade to version 2.5.16, 3.1.6 or 3.2.
The JSST at the Joomla! Security Centre.
Inadequate filtering leads to XSS vulnerability in com_contact.
Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.
Upgrade to version 2.5.16, 3.1.6 or 3.2.
The JSST at the Joomla! Security Centre.
Inadequate filtering leads to the ability to bypass file type upload restrictions.
Joomla! version 2.5.13 and earlier 2.5.x versions; and version 3.1.4 and earlier 3.x versions.
Upgrade to version 2.5.14 or 3.1.5.
The JSST at the Joomla! Security Centre.
Inadequate filtering leads to XSS vulnerability in Voting plugin.
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
The JSST at the Joomla! Security Center.
Inadequate filtering allows possibility of XSS exploit in some circumstances.
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
The JSST at the Joomla! Security Center.
Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
The JSST at the Joomla! Security Center.
Use of old version of Flash-based file uploader leads to XSS vulnerability.
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
The JSST at the Joomla! Security Center.