Three security vulnerabilities in Joomla core are fixed with the release of version 3.9.21
Joomla 3.9.21 is now available. This is a security release for the 3.x series of Joomla which addresses 3 security vulnerabilities and contains over 20 bug fixes and improvements.
What's in 3.9.21?
Joomla 3.9.21 includes 3 security vulnerability fixes and addresses several bugs, including:
Security Issues Fixed
- Low Priority - Core - XSS in mod_latestactions (affecting Joomla! 3.9.0 through 3.9.20)
- Low Priority - Core - Open redirect in com_content vote feature (affecting Joomla! 3.0.0 through 3.9.20)
- Low Priority - Core - Directory traversal in com_media (affecting Joomla! 2.5.0 through 3.9.20)
Bug fixes and Improvements
- TinyMCE updated #30329
- CodeMirror updated #30370
- Upload Package File / Joomla Update : Upload file size check added #30190 #29895
- Actions Log: Log an event when Joomla is updated #30157
Core - Open redirect in com_content vote feature
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0-3.9.20
Exploit type: Open Redirect
Reported Date: 2020-July-05
Fixed Date: 2020-August-25
CVE Number: CVE-2020-24598
Description
Lack of input validation in com_content leads to an open redirect.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.20
Solution
Upgrade to version 3.9.21
Core - Directory traversal in com_media
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 2.5.0-3.9.20
Exploit type: Directory Traversal
Reported Date: 2020-February-02
Fixed Date: 2020-August-25
CVE Number: CVE-2020-24597
Description
Lack of input validation allows com_media root paths outside of the webroot.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.20
Solution
Upgrade to version 3.9.21
Core - XSS in mod_latestactions
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.9.0-3.9.20
Exploit type: XSS
Reported Date: 2020-August-21
Fixed Date: 2020-August-25
CVE Number: CVE-2020-24599
Description
Lack of escaping in mod_latestactions allows XSS attacks.
Affected Installs
Joomla! CMS versions 3.9.0 - 3.9.20
Solution
Upgrade to version 3.9.21