Tag: Security Centre

[20200604] – Core – XSS in jQuery.htmlPrefilter

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Versions: 3.0.0-3.9.18
Exploit type: XSS
Reported Date: 2020-April-10
Fixed Date: 2020-June-02
CVE Number: CVE-2020-11022 and CVE-2020-11023

Description
The jQuery project released versi…


June 2, 2020

[20200603] – Core – XSS in com_modules tag options

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0-3.9.18
Exploit type: XSS
Reported Date: 2020-May-06
Fixed Date: 2020-June-02
CVE Number: CVE-2020-XXX

Description
Incorrect input validation of the module tag option in c…


June 2, 2020

[20200605] – Core – CSRF in com_postinstall

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.7.0-3.9.18
Exploit type: XSS
Reported Date: 2020-May-08
Fixed Date: 2020-June-02
CVE Number: CVE-2020-xxx

Description
Missing token checks in com_postinstall cause CSRF vulnerabil…


June 2, 2020

[20200602] – Core – Inconsistent default textfilter settings

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 2.5.0-3.9.18
Exploit type: Insecure Permissions
Reported Date: 2020-April-23
Fixed Date: 2020-June-02
CVE Number: CVE-2020-XXX

Description
The default settings of the global “textfi…


June 2, 2020

[20200601] – Core – XSS in modules heading tag option

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0-3.9.18
Exploit type: XSS
Reported Date: 2020-May-06
Fixed Date: 2020-June-02
CVE Number: CVE-2020-XXX

Description
Lack of input validation in the heading tag option of th…


June 2, 2020

[20200403] – Core – Incorrect access control in com_users access level deletion function

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0 – 3.9.16
Exploit type: Incorrect Access Control
Reported Date: 2020-March-13
Fixed Date: 2020-April-21
CVE Number: CVE-2020-11889

Description
Incorrect ACL checks in the …


April 21, 2020

[20200402] – Core – Missing checks for the root usergroup in usergroup table

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0 – 3.9.16
Exploit type: Incorrect Access Control
Reported Date: 2020-February-27
Fixed Date: 2020-April-21
CVE Number: CVE-2020-11890

Description
Improper input validation…


April 21, 2020

[20200401] – Core – Incorrect access control in com_users access level editing function

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.8.8 – 3.9.16
Exploit type: Incorrect Access Control
Reported Date: 2020-March-13
Fixed Date: 2020-April-21
CVE Number: CVE-2020-11891

Description
Incorrect ACL checks in the acces…


April 21, 2020

[20200306] – Core – SQL injection in Featured Articles menu parameters

Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 1.7.0-3.9.15
Exploit type: SQL Injection
Reported Date: 2020-March-9
Fixed Date: 2020-March-10
CVE Number: CVE-2020-10243

Description
The lack of type casting of a variable in SQL …


March 10, 2020
