Joomla News

Joomla matters
In this section we publish our news about Joomla! and its countless extensions. Go to https://extensions.joomla.org
vel.joomla.org Vulnerable Extensions: acymailing, , 3rd party extension, Other multiple https://www.acymailing.com/acymailing-release-security-%f0%9f%94%90-news-updates/...

vel.joomla.org Resolved Extensions: https://joomdonation.com/forum/edocman/75400-01st-august-2023-new-version-1-24-7-xss-issue-fixed.html...

vel.joomla.org Resolved Extensions: Solidres, 2.13.3, hub plugin 3rd party extension, XSS (Cross Site Scripting) https://www.solidres.com/forum/report-bugs/12031-vulnerability-joomla-solidres-2-13-3-reflected-xss...

vel.joomla.org Vulnerable Extensions: Admiror Gallery, , 3rd party extension, XSS (Cross Site Scripting)...

vel.joomla.org Vulnerable Extensions: bagallery, , 3rd party extension, Other...

vel.joomla.org Resolved Extensions: quickform, , 3rd party extension, Other. Developer states "hack your self" scenario....

vel.joomla.org Vulnerable Extensions: Proforms Basic Joomla Module, , 3rd party extension, Other...

vel.joomla.org Resolved Extensions: JC Dashboards, 1.3.10, 3rd party extension, Other. JCDashboards updated to latest version V1.3.31, as this includes a fix for a possible security leak should your Linux server not be configured correctly in certain circumstances. Changelog / download URL: https://joomcode.com/jcmedia/com_jcdashboards/version_history.html https://joomcode.com/index.php/download/category/7-jc-dashboards?download=11:jc-dashboards-free...

vel.joomla.org Vulnerable Extensions: admirror gallery, , 3rd party extension, XSS (Cross Site Scripting)...

vel.joomla.org Vulnerable Extensions: LM-CUSTOM-ADMIN, , 3rd party extension, Other...

vel.joomla.org Vulnerable Extensions: EXTPLORER, 2.1.15, 3rd party extension, XSS (Cross Site Scripting)...

vel.joomla.org Vulnerable Extensions: Virtual Classroom, , 3rd party extension, SQL Injection...

vel.joomla.org Vulnerable Extensions: Proforms Basic via sort_order parameter, , 3rd party extension, SQL Injection...

vel.joomla.org Vulnerable Extensions: Plugin Creative Gallery, , 3rd party extension, SQL Injection...

vel.joomla.org Vulnerable Extensions: LivingWord, , 3rd party extension, XSS (Cross Site Scripting)...

vel.joomla.org Vulnerable Extensions: one vote, 1.7, 3rd party extension, XSS (Cross Site Scripting)...

vel.joomla.org Resolved Extensions: HikaShop, Versions from 4.4.1 to 4.7.2 are affected, 3rd party extension, SQL Injection. Dev Notice: https://www.hikashop.com/home/blog/501-hikashop-important-2023.html...

vel.joomla.org Resolved Extensions: HikaShop Joomla Plugin, , 3rd party extension, SQL Injection. Update: https://www.hikashop.com/home/blog/501-hikashop-important-2023.html...

vel.joomla.org Resolved Extensions: Visforms Base Package for Joomla!, 3rd party extension, SQL Injection
Project: Visforms for Joomla 3
Extension: com_visforms
Impact: Critical
Severity: High
Probability: Unknown
Versions: 3.8.0 - 3.14.10
Exploit type: SQL Injection
Reported Date: 2023-04-16
Fixed Date: 2023-04-19
CVE Number: CVE-2023-23753
Description: Improper use of the input filter allows SQL injection.
Affected Installs: com_visforms versions 3.8.0 - 3.14.10. Visforms Base Package 3.0.0 - 3.0.4 (since version 3.14.6, com_visforms is part of the Visforms Base Package).
Solution: Upgrade to Visforms Base Package 3.0.5...

Joomla.org Security Announcements:
Project: Joomla!
SubProject: CMS
Impact: Critical
Severity: Moderate
Probability: Low
Versions: 4.2.0-4.3.1
Exploit type: Lack of rate limiting
Reported Date: 2023-04-29
Fixed Date: 2023-05-30
CVE Number: CVE-2023-23755
Description: The lack of rate limiting allows brute force attacks against MFA methods.
Affected Installs: Joomla! CMS versions 4.2.0-4.3.1
Solution: Upgrade to version 4.3.2
Contact: The JSST at the Joomla! Security Centre.
Reported By: Phil Taylor...
