Joomla News

Joomla matters
In this section we publish our news about Joomla! and its countless extensions. Go to https://extensions.joomla.org
Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Probability: Low
Versions: 4.0.0-4.4.9, 5.0.0-5.2.2
Exploit type: XSS
Reported Date: 2024-08-29
Fixed Date: 2025-01-07
CVE Number: CVE-2024-40747
Description: Various module chromes didn't properly process inputs, leading to XSS vectors.
Affected Installs: Joomla! CMS versions 4.0.0-4.4.9, 5.0.0-5.2.2
Solution: Upgrade to version 4.4.10 or 5.2.3
Contact: The JSST at the Joomla! Security Centre.
Reported By: Catalin Iovita...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Probability: Low
Versions: 3.0.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
Exploit type: XSS
Reported Date: 2024-09-19
Fixed Date: 2025-01-07
CVE Number: CVE-2024-40748
Description: Lack of output escaping in the id attribute of menu lists.
Affected Installs: Joomla! CMS versions 3.0.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
Solution: Upgrade to version 3.10.20-elts, 4.4.10 or 5.2.3
Contact: The JSST at the Joomla! Security Centre.
Reported By: Lokesh Dachepalli...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Probability: Low
Versions: 3.9.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
Exploit type: ACL Violation
Reported Date: 2024-08-26
Fixed Date: 2025-01-07
CVE Number: CVE-2024-40749
Description: Improper Access Controls allow access to protected views.
Affected Installs: Joomla! CMS versions 3.9.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
Solution: Upgrade to version 3.10.20-elts, 4.4.10 or 5.2.3
Contact: The JSST at the Joomla! Security Centre.
Reported By: Dominik Ziegelmüller...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 3.4.6-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2
Exploit type: Open redirect
Reported Date: 2024-03-20
Fixed Date: 2024-08-20
CVE Number: CVE-2024-27184
Description: Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
Affected Installs: Joomla! CMS versions 3.4.6-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2
Solution: Upgrade to version 3.10.17-elts, 4.4.7 or 5.1.3
Contact: The JSST at the Joomla! Security Centre.
Reported By: Gareth Heyes (PortSwigger Research) & Teodor Ivanov...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 3.0.0-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2
Exploit type: Cache Poisoning
Reported Date: 2024-05-23
Fixed Date: 2024-08-20
CVE Number: CVE-2024-27185
Description: The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.
Affected Installs: Joomla! CMS versions 3.0.0-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2
Solution: Upgrade to version 3.10.17-elts, 4.4.7 or 5.1.3
Contact: The JSST at the Joomla! Security Centre.
Reported By: Shane Edwards...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Moderate
Probability: Moderate
Versions: 4.0.0-4.4.6, 5.0.0-5.1.2
Exploit type: XSS
Reported Date: 2024-07-22
Fixed Date: 2024-08-20
CVE Number: CVE-2024-27186
Description: The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.
Affected Installs: Joomla! CMS versions 4.0.0-4.4.6, 5.0.0-5.1.2
Solution: Upgrade to version 4.4.7 or 5.1.3
Contact: The JSST at the Joomla! Security Centre.
Reported By: Elysee Franchuk...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Probability: Low
Versions: 4.0.0-4.4.6, 5.0.0-5.1.2
Exploit type: XSS
Reported Date: 2024-07-22
Fixed Date: 2024-08-20
CVE Number: CVE-2024-27187
Description: Improper Access Controls allow backend users to overwrite their username when disallowed.
Affected Installs: Joomla! CMS versions 4.0.0-4.4.6, 5.0.0-5.1.2
Solution: Upgrade to version 4.4.7 or 5.1.3
Contact: The JSST at the Joomla! Security Centre.
Reported By: Elysee Franchuk...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Probability: Low
Versions: 3.0.0-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2
Exploit type: XSS
Reported Date: 2024-07-22
Fixed Date: 2024-08-20
CVE Number: CVE-2024-40743
Description: The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
Affected Installs: Joomla! CMS versions 3.0.0-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2
Solution: Upgrade to version 3.10.17-elts, 4.4.7 or 5.1.3
Contact: The JSST at the Joomla! Security Centre.
Reported By: Jesper den Boer...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Moderate
Probability: Moderate
Versions: 4.0.0-4.4.5, 5.0.0-5.1.1
Exploit type: XSS
Reported Date: 2024-02-20
Fixed Date: 2024-07-09
CVE Number: CVE-2024-21729
Description: Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.
Affected Installs: Joomla! CMS versions 4.0.0-4.4.5, 5.0.0-5.1.1
Solution: Upgrade to version 4.4.6 or 5.1.2
Contact: The JSST at the Joomla! Security Centre.
Reported By: Marco Kadlubski...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 4.0.0-4.4.5, 5.0.0-5.1.1
Exploit type: XSS
Reported Date: 2024-06-03
Fixed Date: 2024-07-09
CVE Number: CVE-2024-21730
Description: The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.
Affected Installs: Joomla! CMS versions 4.0.0-4.4.5, 5.0.0-5.1.1
Solution: Upgrade to version 4.4.6 or 5.1.2
Contact: The JSST at the Joomla! Security Centre.
Reported By: Jesper den Boer...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Moderate
Probability: Low
Versions: 3.0.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
Exploit type: XSS
Reported Date: 2024-06-08
Fixed Date: 2024-07-09
CVE Number: CVE-2024-21731
Description: Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.
Affected Installs: Joomla! CMS versions 3.0.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
Solution: Upgrade to version 3.10.16-elts, 4.4.6 or 5.1.2
Contact: The JSST at the Joomla! Security Centre.
Reported By: Jesper den Boer...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Moderate
Probability: Low
Versions: 3.0.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
Exploit type: XSS
Reported Date: 2024-06-08
Fixed Date: 2024-07-09
CVE Number: CVE-2024-26278
Description: The wrapper extensions do not correctly validate inputs, leading to XSS vectors.
Affected Installs: Joomla! CMS versions 3.0.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
Solution: Upgrade to version 3.10.16-elts, 4.4.6 or 5.1.2
Contact: The JSST at the Joomla! Security Centre.
Reported By: Jesper den Boer...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Moderate
Probability: Low
Versions: 3.7.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
Exploit type: XSS
Reported Date: 2024-06-09
Fixed Date: 2024-07-09
CVE Number: CVE-2024-26279
Description: The Custom Fields component does not correctly filter inputs, leading to an XSS vector.
Affected Installs: Joomla! CMS versions 3.7.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
Solution: Upgrade to version 3.10.16-elts, 4.4.6 or 5.1.2
Contact: The JSST at the Joomla! Security Centre.
Reported By: Jesper den Boer...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 3.2.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: Insufficient Session Expiration
Reported Date: 2023-11-29
Fixed Date: 2024-02-20
CVE Number: CVE-2024-21722
Description: The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
Affected Installs: Joomla! CMS versions 3.2.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Solution: Upgrade to version 3.10.15-elts, 4.4.3 or 5.0.3
Contact: The JSST at the Joomla! Security Centre....

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 1.5.0 - 3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: Open Redirect
Reported Date: 2023-11-08
Fixed Date: 2024-02-20
CVE Number: CVE-2024-21723
Description: Inadequate parsing of URLs could result in an open redirect.
Affected Installs: Joomla! CMS versions 1.5.0 - 3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Solution: Upgrade to version 3.10.15-elts, 4.4.3 or 5.0.3
Contact: The JSST at the Joomla! Security Centre....

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Moderate
Probability: Moderate
Versions: 1.6.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: XSS
Reported Date: 2024-01-09
Fixed Date: 2024-02-20
CVE Number: CVE-2024-21724
Description: Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions.
Affected Installs: Joomla! CMS versions 1.6.0 - 3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Solution: Upgrade to version 3.10.15-elts, 4.4.3 or 5.0.3
Contact: The JSST at the Joomla! Security Centre....

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: High
Probability: High
Versions: 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: XSS
Reported Date: 2024-01-30
Fixed Date: 2024-02-20
CVE Number: CVE-2024-21725
Description: Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components.
Affected Installs: Joomla! CMS versions 4.0.0-4.4.2, 5.0.0-5.0.2
Solution: Upgrade to version 4.4.3 or 5.0.3
Contact: The JSST at the Joomla! Security Centre....

Joomla.org Security Announcements
Project: Joomla! / Joomla! Framework
SubProject: CMS / filter
Impact: Moderate
Severity: Moderate
Probability: Moderate
Versions: 3.7.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: XSS
Reported Date: 2023-11-22
Fixed Date: 2024-02-20
CVE Number: CVE-2024-21726
Description: Inadequate content filtering leads to XSS vulnerabilities in various components.
Affected Installs: Joomla! CMS versions 3.7.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Solution: Upgrade to version 3.10.15-elts, 4.4.3 or 5.0.3
Contact: The JSST at the Joomla! Security Centre....

vel.joomla.org Vulnerable Extensions
osTicky2, , 3rd party extension, Other
abandoned - remove from site...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: High
Severity: High
Probability: Low
Versions: 1.6.0-4.4.0, 5.0.0
Exploit type: Information Disclosure
Reported Date: 2023-07-14
Fixed Date: 2023-11-21
CVE Number: CVE-2023-40626
Description: The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information.
Affected Installs: Joomla! CMS versions 1.6.0-4.4.0, 5.0.0
Solution: Upgrade to version 3.10.14-elts, 4.4.1 or 5.0.1
Contact: The JSST at the Joomla! Security Centre....
