Joomla News

Joomla matters
In this section we publish our news about Joomla! and its countless extensions. Go to https://extensions.joomla.org
Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 3.2.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: Insufficient Session Expiration
Reported Date: 2023-11-29
Fixed Date: 2024-02-20
CVE Number: CVE-2024-21722
Description: The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
Affected Installs: Joomla! CMS versions 3.2.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Solution: Upgrade to version 3.10.15-elts, 4.4.3 or 5.0.3
Contact: The JSST at the Joomla! Security Centre....

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 1.5.0 - 3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: Open Redirect
Reported Date: 2023-11-08
Fixed Date: 2024-02-20
CVE Number: CVE-2024-21723
Description: Inadequate parsing of URLs could result in an open redirect.
Affected Installs: Joomla! CMS versions 1.5.0 - 3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Solution: Upgrade to version 3.10.15-elts, 4.4.3 or 5.0.3
Contact: The JSST at the Joomla! Security Centre....

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Moderate
Probability: Moderate
Versions: 1.6.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: XSS
Reported Date: 2024-01-09
Fixed Date: 2024-02-20
CVE Number: CVE-2024-21724
Description: Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions.
Affected Installs: Joomla! CMS versions 1.6.0 - 3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Solution: Upgrade to version 3.10.15-elts, 4.4.3 or 5.0.3
Contact: The JSST at the Joomla! Security Centre....

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: High
Probability: High
Versions: 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: XSS
Reported Date: 2024-01-30
Fixed Date: 2024-02-20
CVE Number: CVE-2024-21725
Description: Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components.
Affected Installs: Joomla! CMS versions 4.0.0-4.4.2, 5.0.0-5.0.2
Solution: Upgrade to version 4.4.3 or 5.0.3
Contact: The JSST at the Joomla! Security Centre....

Joomla.org Security Announcements
Project: Joomla! / Joomla! Framework
SubProject: CMS / filter
Impact: Moderate
Severity: Moderate
Probability: Moderate
Versions: 3.7.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: XSS
Reported Date: 2023-11-22
Fixed Date: 2024-02-20
CVE Number: CVE-2024-21726
Description: Inadequate content filtering leads to XSS vulnerabilities in various components.
Affected Installs: Joomla! CMS versions 3.7.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Solution: Upgrade to version 3.10.15-elts, 4.4.3 or 5.0.3
Contact: The JSST at the Joomla! Security Centre....

vel.joomla.org Vulnerable Extensions
osTicky2, , 3rd party extension, Other
abandoned - remove from site...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: High
Severity: High
Probability: Low
Versions: 1.6.0-4.4.0, 5.0.0
Exploit type: Information Disclosure
Reported Date: 2023-07-14
Fixed Date: 2023-11-21
CVE Number: CVE-2023-40626
Description: The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information.
Affected Installs: Joomla! CMS versions 1.6.0-4.4.0, 5.0.0
Solution: Upgrade to version 3.10.14-elts, 4.4.1 or 5.0.1
Contact: The JSST at the Joomla! Security Centre....

vel.joomla.org Vulnerable Extensions
EasyShop, 1.4.1, 3rd party extension, XSS (Cross Site Scripting)...

vel.joomla.org Resolved Extensions
LazyDbBackup, 3.9.0, 3rd party extension, Other
LazyDbBackup
Version: 4.0.8
Developer: Robert Gastaud
Last updated: Oct 17 2023, 2 days ago ...

vel.joomla.org Resolved Extensions
HikaShop Starter 4.7.5 [2308101603], HikaShop Starter 4.7.5 [2308101603], 3rd party extension, XSS (Cross Site Scripting)
developer statement
We fixed a stored XSS through SVG file upload security issue. You can read more about it here. Note that it only affects HikaShop versions above the 4.6.2 up to the 5.0.1 and not if you updated HikaShop from previous versions as default support of SVG images for the upload of images was only added in the 4.7.0 for new installations of HikaShop. Also, it requires access to the backend of the website to perform, and can be avoided easily by removing the possibility of uploading svg files in the HikaShop configuration's "allowed images" setting or updating your HikaShop to the 5.0.2 ...

vel.joomla.org Vulnerable Extensions
acymailing, , 3rd party extension, Other
multiple https://www.acymailing.com/acymailing-release-security-%f0%9f%94%90-news-updates/...

vel.joomla.org Resolved Extensions
https://joomdonation.com/forum/edocman/75400-01st-august-2023-new-version-1-24-7-xss-issue-fixed.html...

vel.joomla.org Resolved Extensions
Solidres, 2.13.3, hub plugin 3rd party extension, XSS (Cross Site Scripting)
https://www.solidres.com/forum/report-bugs/12031-vulnerability-joomla-solidres-2-13-3-reflected-xss...

vel.joomla.org Vulnerable Extensions
Admiror Gallery, , 3rd party extension, XSS (Cross Site Scripting)...

vel.joomla.org Vulnerable Extensions
bagallery, , 3rd party extension, Other...

vel.joomla.org Resolved Extensions
quickform, , 3rd party extension, Other
Developer states "hack your self" scenario....

vel.joomla.org Vulnerable Extensions
Proforms Basic Joomla Module, , 3rd party extension, Other...

vel.joomla.org Resolved Extensions
JC Dashboards, 1.3.10, 3rd party extension, Other
JCDashboards updated latest version V1.3.31 as this includes a fix for a possible security leak should your linux server not be configured correctly in certain circumstances.
changelog https://joomcode.com/jcmedia/com_jcdashboards/version_history.html
Download url https://joomcode.com/index.php/download/category/7-jc-dashboards?download=11:jc-dashboards-free...

vel.joomla.org Vulnerable Extensions
admirror gallery, , 3rd party extension, XSS (Cross Site Scripting)...

vel.joomla.org Vulnerable Extensions
LM-CUSTOM-ADMIN, , 3rd party extension, Other...
