This feed provides announcements of resolved security issues in Joomla! software releases.
For more information about the Joomla! Security Strike Team (JSST) and its processes, please review our Security article.
To report potential security issues, please follow the guidelines in the above referenced article. Please note that we are only able to provide support for the Joomla! CMS, Joomla! Framework, and *.joomla.org network of websites.
You can subscribe to notifications from this feed through a RSS reader.
Inadequate parameter handling in JS code could lead to an XSS attack vector.
Joomla! CMS versions 2.5.0 through 3.9.2
Upgrade to version 3.9.3
The JSST at the Joomla! Security Centre.
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
Joomla! CMS versions 2.5.0 through 3.9.2
Upgrade to version 3.9.3
The JSST at the Joomla! Security Centre.
"No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog.
Joomla! CMS versions 2.5.0 through 3.9.2
Upgrade to version 3.9.3
The JSST at the Joomla! Security Centre.
A combination of specific webserver configurations, in connection with specific file types and browserside mime-type sniffing causes a XSS attack vector.
Joomla! CMS versions 1.0.0 through 3.9.2
Upgrade to version 3.9.3
The JSST at the Joomla! Security Centre.
Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.
Joomla! CMS versions 2.5.0 through 3.9.2
Upgrade to version 3.9.3
The JSST at the Joomla! Security Centre.
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
Joomla! CMS versions 2.5.0 through 3.9.1
Upgrade to version 3.9.2
The JSST at the Joomla! Security Centre.
Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.
Joomla! CMS versions 2.5.0 through 3.9.1
Upgrade to version 3.9.2
The JSST at the Joomla! Security Centre.
Inadequate escaping in com_contact leads to a stored XSS vulnerability
Joomla! CMS versions 2.5.0 through 3.9.1
Upgrade to version 3.9.2
The JSST at the Joomla! Security Centre.
Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
Joomla! CMS versions 2.5.0 through 3.9.1
Upgrade to version 3.9.2
The JSST at the Joomla! Security Centre.
Added additional CSRF hardening in com_installer actions in the backend.
Joomla! CMS versions 2.5.0 through 3.8.12
Upgrade to version 3.8.13
The JSST at the Joomla! Security Centre.