Joomla

Joomla Core - Escape xss in logo parameter error pages

Joomla Core - Escape xss in logo parameter error pages

Impact: Low
Severity: Low
Versions: 3.0.0 - 3.9.25
Exploit type: XSS
Reported Date: 2021-03-09
Fixed Date: 2021-04-13
CVE Number: CVE-2021-26030

Description

Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.25

Solution

Upgrade to version 3.9.26

Read More

Several security bugs fixed on Joomla

Joomla

Joomla team has announced several bug fixes today on July 14, 2020.

Core - System Information screen could expose redis or proxy credentials

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Low
    Versions: 3.0.0-3.9.19
    Exploit type: Information Disclosure
    Reported Date: 2020-Jun-17
    Fixed Date: 2020-July-14
    CVE Number: CVE-2020-15698

Description

Inadequate filtering in the system information screen could expose redis or proxy credentials

Read More