Joomla! - SITE - Advanced Web Factories

[20200601] - Core - XSS in modules heading tag option

Security Announcements Jun 2, 2020 | 15:00 pm

Project: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.0.0-3.9.18Exploit type: XSSReported Date: 2020-May-06Fixed Date: 2020-June-02CVE Number: CVE-2020-13761DescriptionLack of input validation in the heading tag option of the "Articles – Newsflash" and "Articles - Categories" modules allow XSS attacks.Affected InstallsJoomla! CMS versions 3.0.0 -[…]

[20200401] - Core - Incorrect access control in com_users access level editing function

Security Announcements Apr 21, 2020 | 15:00 pm

Project: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.8.8 - 3.9.16Exploit type: Incorrect Access ControlReported Date: 2020-March-13Fixed Date: 2020-April-21CVE Number: CVE-2020-11891DescriptionIncorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.Affected InstallsJoomla! CMS versions 3.8.8 - 3.9.16SolutionUpgrade to version 3.9.17ContactThe JSST[…]

[20200304] - Core - Identifier collisions in com_users

Security Announcements Mar 10, 2020 | 14:00 pm

Project: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 3.0.0-3.9.15Exploit type: OtherReported Date: 2020-February-07Fixed Date: 2020-March-10CVE Number: CVE-2020-10240DescriptionMissing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.15SolutionUpgrade to[…]