[20190203] - Core - Additional warning in the Global Configuration textfilter settings

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 2.5.0 through 3.9.2
Exploit type: XSS
Reported Date: 2019-January-17
Fixed Date: 2019-February-12
CVE Number: CVE-2019-7739

Description

"No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.2

Solution

Upgrade to version 3.9.3

Contact

The JSST at the Joomla! Security Centre.

Reported By: Raviraj Powar