Tag: Security Centre

[20190603] – Core – ACL hardening of com_joomlaupdate

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.8.13 through 3.9.6
Exploit type: Incorrect Access Control
Reported Date: 2019-April-10
Fixed Date: 2019-June-11
CVE Number: CVE-2019-12764

Description
The update server URL of com…


June 11, 2019

[20190602] – Core – XSS in subform field

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.6.0 through 3.9.6
Exploit type: XSS
Reported Date: 2019-January-01
Fixed Date: 2019-June-11
CVE Number: CVE-2019-12766

Description
The subform fieldtype does not sufficiently…


June 11, 2019

[20190601] – Core – CSV injection in com_actionlogs

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.9.0 through 3.9.6
Exploit type: CSV Injection
Reported Date: 2019-April-29
Fixed Date: 2019-June-11
CVE Number: CVE-2019-12765

Description
The CSV export of com_actionslogs is vul…


June 11, 2019

[20190502] – Core – By-passing protection of Phar Stream Wrapper Interceptor

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.9.3 through 3.9.5
Exploit type: Object Injection
Reported Date: 2019-March-27
Fixed Date: 2019-May-07

Description
In Joomla 3.9.3, the vulnerability of insecure deserialization wh…


May 8, 2019

[20190401] – Core – Directory Traversal in com_media

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.5.0 through 3.9.4
Exploit type: Directory Traversal
Reported Date: 2019-March-13
Fixed Date: 2019-April-08
CVE Number: CVE-2019-10945

Description
The Media Manager component …


April 9, 2019

[20190402] – Core – Helpsites refresh endpoint callable for unauthenticated users

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: High
Versions: 3.2.0 through 3.9.4
Exploit type: ACL Violation
Reported Date: 2019-March-13
Fixed Date: 2019-April-08
CVE Number: CVE-2019-10946

Description
The “refresh list of helpsites” endpoi…


April 9, 2019

[20190403] – Core – Object.prototype pollution in JQuery $.extend

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Versions: 3.0.0 through 3.9.4
Exploit type: XSS
Reported Date: 2019-March-25
Fixed Date: 2019-April-09
CVE Number: TBA

Description
The $.extend method of JQuery is vulnerable to Object.p…


April 9, 2019

[20190301] – Core – XSS in com_config JSON handler

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.2.0 through 3.9.3
Exploit type: XSS
Reported Date: 2019-March-04
Fixed Date: 2019-March-12
CVE Number: CVE-2019-9712

Description
The JSON handler in com_config lacks input validat…


March 12, 2019