Saturday, 31 October 2020
- - - - - -

One page responsive template

One page responsive template

Etiam porta sem malesuada magna mollis euismod

magna mollis euismod

magna mollis euismod

Donec id elit non mi porta gravida at agna mollis euismod

Fusce dapibus <br> tellus ac cursus commodo <br>  dapibus tellus ac modo raesent

Fusce dapibus
tellus ac cursus commodo
dapibus tellus ac modo raesent

Saed elitr diam euismod auctor nonu eirmo conse

Security Announcements

  1. [20200802] - Core - Open redirect in com_content vote feature
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.20
    • Exploit type: Open Redirect
    • Reported Date: 2020-July-05
    • Fixed Date: 2020-August-25
    • CVE Number: CVE-2020-24598

    Description

    Lack of input validation in com_content leads to an open redirect.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.20

    Solution

    Upgrade to version 3.9.21

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Ahmad Kamaran Jamil
  2. [20200803] - Core - Directory traversal in com_media
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0-3.9.20
    • Exploit type: Directory Traversal
    • Reported Date: 2020-February-02
    • Fixed Date: 2020-August-25
    • CVE Number: CVE-2020-24597

    Description

    Lack of input validation allows com_media root paths outside of the webroot.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.20

    Solution

    Upgrade to version 3.9.21

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC
  3. [20200801] - Core - XSS in mod_latestactions
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.9.0-3.9.20
    • Exploit type: XSS
    • Reported Date: 2020-August-21
    • Fixed Date: 2020-August-25
    • CVE Number: CVE-2020-24599

    Description

    Lack of escaping in mod_latestactions allows XSS attacks.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.20

    Solution

    Upgrade to version 3.9.21

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Peter Martin
  4. [20200706] - Core - System Information screen could expose redis or proxy credentials
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: Information Disclosure
    • Reported Date: 2020-Jun-17
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15698

    Description

    Inadequate filtering in the system information screen could expose redis or proxy credentials

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor
  5. [20200705] - Core - Escape mod_random_image link
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: XSS
    • Reported Date: 2020-Jun-08
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15696

    Description

    Lack of input filtering and escaping allows XSS attacks in mod_random_image

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor