Details
Kategorie: Joomla News
vel.joomla.org Resolved ExtensionsJoomRecipe, 4.2.2, 3rd party extension, XSS (Cross Site Scripting) joomrecipe v4.2.2 issue with XSS vulnerability was fixed in last version 4.2.4 today , check out here: https://www.joomboost.com/blog-updates/joomrecipe-v4-2-2-security-announcement.html...
Zugriffe: 555

Details
Kategorie: Joomla News
vel.joomla.org Resolved ExtensionsjCart for OpenCart, jCart for OpenCart 3.0.3.19, 3rd party extension, XSS (Cross Site Scripting)   Here is the link on our site: https://extensions.soft-php.com/support/latest-news/79-joocart-jcart-30325-release-notice.html...
Zugriffe: 533

Details
Kategorie: Joomla News
vel.joomla.org Resolved ExtensionsEDocman, 1.23.3, 3rd party extension, XSS (Cross Site Scripting) Version: Old 1.23.3 / New 1.23.4Update details: New Edocman version includes XSS vulnerability issue fixed. The issue comes from Edocman search function. Update URL: https://joomdonation.com/forum/edocman/73605-30th-september-2022-new-version-1-23-4-fix-xss-vulnerability-issue.html...
Zugriffe: 553

Details
Kategorie: Joomla News
vel.joomla.org Resolved ExtensionsEShop Joomla Shopping-Cart, 3.6.0, 3rd party extension, XSS (Cross Site Scripting) Extension: EShopVersion: Old 3.6.0 / New 3.6.1Update details: Update version 3.6.1 to fix the vulnerable issue of filter view.Update URL: https://joomdonation.com/forum/released-versions/73450-eshop-version-3-6-0-released.html#153923      ...
Zugriffe: 581

Details
Kategorie: Joomla News
Joomla.org SicherheitsmeldungenProject: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 4.2.0 Exploit type: Path Disclosure Reported Date: 2022-08-27 Fixed Date: 2022-08-30 CVE Number: CVE-2022-27911 Description Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes done in 4.2.0. According to PROD2020/023 and in coordination with the JSST this has been patched in the public tracker vis #38615 Affected Installs Joomla! CMS versions 4.2.0 Solution Upgrade to version 4.2.1 Contact The JSST at the Joomla! Security Centre. Reported By: SharkyKZ...
Zugriffe: 761

Details
Kategorie: Joomla News
vel.joomla.org Resolved Extensionseasyblog, , 3rd party extension, Other   User Error...
Zugriffe: 547

Details
Kategorie: Joomla News
vel.joomla.org Resolved ExtensionsJUX Timetable, 1.0.4, 3rd party extension, SQL Injection...
Zugriffe: 732

Details
Kategorie: Joomla News
vel.joomla.org Resolved ExtensionsZH Googlemap, 11.22.3.1, 3rd party extension, XSS (Cross Site Scripting)...
Zugriffe: 694

Details
Kategorie: Joomla News
Joomla.org SicherheitsmeldungenProject: Joomla! / Joomla! Framework SubProject: CMS / archive Impact: Moderate Severity: Low Probability: Low Versions: 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Exploit type: Path Traversal Reported Date: 2022-02-20 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23793 Description Extracting an specifilcy crafted tar package could write files outside of the intended path. Affected Installs Joomla! CMS versions 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Solution Upgrade to version 3.10.7 or 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Egidio Romano...
Zugriffe: 896

Details
Kategorie: Joomla News
Joomla.org SicherheitsmeldungenProject: Joomla! / Joomla! Framework SubProject: CMS / filesystem Impact: Low Severity: Low Probability: Low Versions: 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Exploit type: Path Disclosure Reported Date: 2021-02-17 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23794 Description Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application. Affected Installs Joomla! CMS versions 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Solution Upgrade to version 3.10.7 or 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: DangKhai from Viettel Cyber Security...
Zugriffe: 899

Details
Kategorie: Joomla News
Joomla.org SicherheitsmeldungenProject: Joomla! SubProject: CMS Impact: High Severity: Low Probability: Low Versions: 2.5.0 - 3.10.6 & 4.0.0 - 4.1.0 Exploit type: Incorrect Access Control Reported Date: 2020-09-23 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23795 Description A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover. Affected Installs Joomla! CMS versions 2.5.0 - 3.10.6 & 4.0.0 - 4.1.0 Solution Upgrade to version 3.10.7 or 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Phil Taylor...
Zugriffe: 854

Details
Kategorie: Joomla News
Joomla.org SicherheitsmeldungenProject: Joomla! SubProject: CMS Impact: Moderate Severity: Low Probability: Low Versions: 3.7.0 - 3.10.6 Exploit type: XSS Reported Date: 2021-05-06 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23796 Description Lack of input validation could allow an XSS attack using com_fields Affected Installs Joomla! CMS versions 3.7.0 - 3.10.6 Solution Upgrade to version 3.10.7 Contact The JSST at the Joomla! Security Centre. Reported By: Hoàng Nguyễn...
Zugriffe: 810

Details
Kategorie: Joomla News
Joomla.org SicherheitsmeldungenProject: Joomla! SubProject: CMS Impact: High Severity: Low Probability: Low Versions: 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Exploit type: SQL Injection Reported Date: 2021-03-04 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23797 Description Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection. Affected Installs Joomla! CMS versions 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Solution Upgrade to version 3.10.7 & 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Hoàng Nguyễn...
Zugriffe: 781

Details
Kategorie: Joomla News
Joomla.org SicherheitsmeldungenProject: Joomla! / Joomla! Framework SubProject: CMS / input Impact: Moderate Severity: Low Probability: Low Versions: 4.0.0 - 4.1.0 Exploit type: Variable Tampering Reported Date: 2021-11-05 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23799 Description Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. Affected Installs Joomla! CMS versions 4.0.0 - 4.1.0 Solution Upgrade to version 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Nicholas K. Dionysopoulos, Phil Taylor...
Zugriffe: 878

Details
Kategorie: Joomla News
Joomla.org SicherheitsmeldungenProject: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 2.5.0 - 3.10.6 & 4.0.0 - 4.1.0 Exploit type: Open redirect Reported Date: 2021-03-23 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23798 Description Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not. Affected Installs Joomla! CMS versions 2.5.0 - 3.10.6 & 4.0.0 - 4.1.0 Solution Upgrade to version 3.10.7 & 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Loïc LE MÉTAYER...
Zugriffe: 747

Details
Kategorie: Joomla News
Joomla.org SicherheitsmeldungenProject: Joomla! SubProject: CMS Impact: Moderate Severity: Low Probability: Low Versions: 4.0.0 - 4.1.0 Exploit type: XSS Reported Date: 2021-08-25 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23801 Description Possible XSS attack vector through SVG embedding in com_media. Affected Installs Joomla! CMS versions 4.0.0 - 4.1.0 Solution Upgrade to version 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Julia Polner, Simon Stockhause...
Zugriffe: 763

Details
Kategorie: Joomla News
Joomla.org SicherheitsmeldungenProject: Joomla! / Joomla! Framework SubProject: CMS / filter Impact: Moderate Severity: Low Probability: Low Versions: 4.0.0 - 4.1.0 Exploit type: XSS Reported Date: 2022-01-19 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23800 Description Inadequate content filtering leads to XSS vulnerabilities in various components. Affected Installs Joomla! CMS versions 4.0.0 - 4.1.0 Solution Upgrade to version 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Sebastian Morris, pwnCTRL...
Zugriffe: 744

Details
Kategorie: Joomla News
vel.joomla.org Resolved Extensionsguru, , 3rd party extension, various https://ijoomlademo.com/index.php/guru/gurupcategs...
Zugriffe: 508

Details
Kategorie: Joomla News
https://developer.joomla.org/security-centre.feed?type=rssProject: Joomla! SubProject: CMS Impact: Moderate Severity: High Versions: 4.0.0 Exploit type: Incorrect Access Control Reported Date: 2021-08-20 Fixed Date: 2021-08-24 CVE Number: CVE-2021-26040 Description The media manager does not correctly check the user's permissions before executing a file deletion command. Affected Installs Joomla! CMS versions 4.0.0 Solution Upgrade to version 4.0.1 Contact The JSST at the Joomla! Security Centre. Reported By: Maverick...
Zugriffe: 949

Details
Kategorie: Joomla News
https://developer.joomla.org/security-centre.feed?type=rssProject: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.0.0 - 3.9.27 Exploit type: XSS Reported Date: 2021-05-29 Fixed Date: 2021-07-06 CVE Number: CVE-2021-26035 Description Inadequate escaping in the Rules field of the JForm API leads to a XSS vulnerability. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.27 Solution Upgrade to version 3.9.28 Contact The JSST at the Joomla! Security Centre. Reported By: Hoang Nguyen...
Zugriffe: 946

Weiter