- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Moderate
- Versions: 3.0.0-3.9.18
- Exploit type: XSS
- Reported Date: 2020-April-10
- Fixed Date: 2020-June-02
- CVE Number: CVE-2020-11022 and CVE-2020-11023
The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are "[...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others."
The Drupal project has backported the relevant fixes to jQuery 1.x, and Joomla has adopted that patch.
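Because the fix was backported to jQuery 1.x, the library's version string alone does not show whether a given copy carries it. The following added example (not part of this advisory, nor Joomla, Drupal or jQuery code) probes behaviour instead: jQuery 3.5.0 changed `jQuery.htmlPrefilter` to return markup unchanged, where earlier releases expanded self-closing tags. The three jQuery-like objects, the probe strings and the simplified expansion regex are constructed stand-ins, and the check looks only at the prefilter, so it does not by itself confirm both fixes.

```javascript
// Added example: behavioural probe for the htmlPrefilter change made in jQuery 3.5.0.
// Simplified model (an assumption, not jQuery's exact source) of the pre-3.5.0
// prefilter: non-void self-closing tags are expanded into an open/close pair.
const legacyExpand =
  /<(?!(?:area|br|col|embed|hr|img|input|link|meta|param)\b)(([a-z][^\/\s>]*)[^>]*)\/>/gi;

// Constructed stand-ins so the file runs offline under Node.
const unpatchedStandIn = {
  fn: { jquery: "1.x" },
  htmlPrefilter: (html) => html.replace(legacyExpand, "<$1></$2>"),
};
const patchedStandIn = {
  fn: { jquery: "1.x" }, // a backport keeps the 1.x version string
  htmlPrefilter: (html) => html, // 3.5.0 behaviour: markup is returned untouched
};
const noPrefilterStandIn = { fn: { jquery: "1.x" } }; // build without the hook

// Benign probe strings (constructed): no script, no event handlers.
const PROBES = ['<div/>', '<span class="x"/>text', '<p>ok</p><em/>', '<br/>'];

// Classify a jQuery-like object by what its prefilter does to the probes.
function probePrefilter(jq) {
  const version = jq && jq.fn ? jq.fn.jquery : null;
  if (!jq || typeof jq.htmlPrefilter !== "function") {
    // Nothing to call: cannot decide from behaviour.
    return { version, status: "inconclusive", rewritten: [] };
  }
  const rewritten = PROBES.filter((p) => jq.htmlPrefilter(p) !== p);
  return {
    version,
    status: rewritten.length ? "rewrites-markup" : "pass-through",
    rewritten,
  };
}

for (const [name, jq] of Object.entries({ unpatchedStandIn, patchedStandIn, noPrefilterStandIn })) {
  const r = probePrefilter(jq);
  console.log(`${name}: jQuery ${r.version} -> ${r.status}`, r.rewritten);
}
```

In a browser console on a page that loads the site's jQuery, `probePrefilter(window.jQuery)` applies the same check to the copy actually served; a `rewrites-markup` result means that copy still alters HTML after any sanitization step.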
Affected Installs: Joomla! CMS versions 3.0.0 - 3.9.18
Solution: Upgrade to version 3.9.19
Contact: The JSST at the Joomla! Security Centre.