Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0 through 3.8.3
Exploit type: XSS
Reported Date: 2018-January-21
Fixed Date: 2018-January-30
CVE Number: CVE-2018-6380
Description
Lack of escaping in the module chromes le…
[20180101] – Core – XSS vulnerability in module chromes Read More »
Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.7.0 through 3.8.1
Exploit type: Information Disclosure
Reported Date: 2017-May-17
Fixed Date: 2017-November-07
CVE Number: CVE-2017-16633
Description
A logic bug in com_fields exposed read-o…
[20171103] – Core – Information Disclosure Read More »
Project: Joomla!
SubProject: CMS
Severity: Medium
Versions: 3.2.0 through 3.8.1
Exploit type:
Reported Date: 2017-October-31
Fixed Date: 2017-November-07
CVE Number: CVE-2017-16634
Description
A bug allowed third parties to bypass a user’s 2-factor…
[20171102] – Core – 2-factor-authentication bypass Read More »
Project: Joomla!
SubProject: CMS
Severity: Medium
Versions: 1.5.0 through 3.8.1
Exploit type: Information Disclosure
Reported Date: 2017-October-06
Fixed Date: 2017-November-07
CVE Number: CVE-2017-14596
Description
Inadequate escaping in the LDAP au…
[20171101] – Core – LDAP Information Disclosure Read More »
Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.7.0 through 3.7.5
Exploit type: Information Disclosure
Reported Date: 2017-August-4
Fixed Date: 2017-September-19
CVE Number: CVE-2017-14595
Description
A logic bug in a SQL query could lead …
[20170901] – Core – Information Disclosure Read More »
Project: Joomla!
SubProject: CMS
Severity: Medium
Versions: 1.5.0 through 3.7.5
Exploit type: Information Disclosure
Reported Date: 2017-July-27
Fixed Date: 2017-September-19
CVE Number: CVE-2017-14596
Description
Inadequate escaping in the LDAP auth…
[20170902] – Core – LDAP Information Disclosure Read More »
The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.
Please note: Already installed sites are not affected, as this issue is limited to the installer application!
Joomla! CMS versions 1.0.0 through 3.7.3
Upgrade to version 3.7.4
The JSST at the Joomla! Security Centre.
[20170704] – Core – Installer: Lack of Ownership Verification Read More »
Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
Joomla! CMS versions 1.5.0 through 3.7.3
Upgrade to version 3.7.4
The JSST at the Joomla! Security Centre.
[20170705] – Core – XSS Vulnerability Read More »
Improper cache invalidation leads to disclosure of form contents.
Joomla! CMS versions 1.7.3-3.7.2
Upgrade to version 3.7.3
The JSST at the Joomla! Security Centre.
[20170701] – Core – Information Disclosure Read More »
Missing CSRF token checks and improper input validation lead to an XSS vulnerability.
Joomla! CMS versions 1.7.3-3.7.2
Upgrade to version 3.7.3
The JSST at the Joomla! Security Centre.
[20170702] – Core – XSS Vulnerability Read More »
