[20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.0.0 - 3.9.26 Exploit type: XSS Reported Date: 2021-03-05 Fixed Date: 2021-05-25 CVE Number: CVE-2021-26032 Description HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.26 Solution Upgrade to version 3.9.27 Contact The JSST at the Joomla! Security Centre.
- Zugriffe: 949