"Si tú no trabajas por tus sueños, alguien te contratará para que trabajes por los suyos”

Steve Jobs

Afiliado
Dominios3Euros

Joomla Security Announcements

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Moderate
    • Probability: Low
    • Versions: 3.7.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
    • Exploit type: XSS
    • Reported Date: 2024-06-09
    • Fixed Date: 2024-07-09
    • CVE Number: CVE-2024-26278

    Description

    The Custom Fields component does not correctly filter inputs, leading to an XSS vector.

    Affected Installs

    Joomla! CMS versions 3.7.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1

    Solution

    Upgrade to version 3.10.16-elts, 4.4.6 or 5.1.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Jesper den Boer

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Moderate
    • Probability: Low
    • Versions: 3.0.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
    • Exploit type: XSS
    • Reported Date: 2024-06-08
    • Fixed Date: 2024-07-09
    • CVE Number: CVE-2024-26279

    Description

    The wrapper extensions do not correctly validate inputs, leading to XSS vectors.

    Affected Installs

    Joomla! CMS versions 3.0.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1

    Solution

    Upgrade to version 3.10.16-elts, 4.4.6 or 5.1.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Jesper den Boer

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Moderate
    • Probability: Low
    • Versions: 3.0.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
    • Exploit type: XSS
    • Reported Date: 2024-06-08
    • Fixed Date: 2024-07-09
    • CVE Number: CVE-2024-21731

    Description

    Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.

    Affected Installs

    Joomla! CMS versions 3.0.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1

    Solution

    Upgrade to version 3.10.16-elts, 4.4.6 or 5.1.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Jesper den Boer

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Probability: Low
    • Versions: 4.0.0-4.4.5, 5.0.0-5.1.1
    • Exploit type: XSS
    • Reported Date: 2024-06-03
    • Fixed Date: 2024-07-09
    • CVE Number: CVE-2024-21730

    Description

    The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.4.5, 5.0.0-5.1.1

    Solution

    Upgrade to version 4.4.6 or 5.1.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Jesper den Boer

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Moderate
    • Probability: Moderate
    • Versions: 4.0.0-4.4.5, 5.0.0-5.1.1
    • Exploit type: XSS
    • Reported Date: 2024-02-20
    • Fixed Date: 2024-07-09
    • CVE Number: CVE-2024-21729

    Description

    Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.4.5, 5.0.0-5.1.1

    Solution

    Upgrade to version 4.4.6 or 5.1.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Marco Kadlubski