The following metadata has been embedded in the body. Website Malware Removal Service – [20170405] - Core - XSS Vulnerability

[20170405] – Core – XSS Vulnerability

Posted by MalRemServ on 25 04 2017. 0 Comments

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.6.5
  • Exploit type: XSS
  • Reported Date: 2016-February-28
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7987

Description

Inadequate escaping of file and folder names leads to XSS vulnerabilites in the template manager component.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: David Jardin



This information provided by Security Announcements. For more information or details on this exploit or vulnerability, please visit Link.

If you have this installed, we highly recommend you update to the latest version immediately, or if you are no longer using it, remove it from your site. If your site has been compromised due to this vulnerability, we can help.

If you aren’t technical and you need immediate assistance, we can reduce the impact and prevent further damage quickly – Now is your chance, we can have the typical site cleaned and secured in just a few hours. Check out our Pricing page for details on our professional, reliable malware removal services.