Joomla! Security News
-
[20140301] - Core - SQL Injection
- Project: Joomla!
- SubProject: CMS
- Severity: High
- Versions: 3.1.0 through 3.2.2
- Exploit type: SQL Injection
- Reported Date: 2014-February-06
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to SQL injection vulnerability.
Affected Installs
Joomla! CMS versions 3.1.0 through 3.2.2
Solution
Upgrade to version 3.2.3
Contact
The JSST at the Joomla! Security Center.
Reported By: ?? -
[20140302] - Core - XSS Vulnerability
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 3.1.2 through 3.2.2
- Exploit type: XSS Vulnerability
- Reported Date: 2014-March-04
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability in com_contact.
Affected Installs
Joomla! CMS versions 3.1.2 through 3.2.2
Solution
Upgrade to version 3.2.3
Contact
The JSST at the Joomla! Security Center.
Reported By: ?? -
[20140303] - Core - XSS Vulnerability
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
- Exploit type: XSS Vulnerability
- Reported Date: 2014-March-05
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Solution
Upgrade to version 2.5.19 or 3.2.3
Contact
The JSST at the Joomla! Security Center.
Reported By: JSST -
[20140304] - Core - Unauthorised Logins
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
- Exploit type: Unauthorised Logins
- Reported Date: 2014-February-21
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate checking allowed unauthorised logins via GMail authentication.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Solution
Upgrade to version 2.5.19 or 3.2.3
Contact
The JSST at the Joomla! Security Center.
Reported By: Stefania Gaianigo -
[20131103] Core XSS Vulnerability
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-October-26
- Fixed Date: 2013-November-06
- CVE Number:
Description
Inadequate filtering leads to XSS vulnerability in com_contact.
Affected Installs
Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.16, 3.1.6 or 3.2.
Contact
The JSST at the Joomla! Security Center.
Reported By: Osanda Malith Jayathissa
We have 23 guests and no members online