CALL US TODAYCALL NOW FREE: 1 800 MOTION

CALL TODAY: 1 800 66 84 66

BUILT-IN COLOR PICKER

COLOR PICKER

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua

RESPONSIVE LAYOUT

RESPONSIVE LAYOUT

Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

MODERN DESIGN

MODERN DESIGN

Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur excepteur sint

Joomla! Security News

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.7.0-3.9.18
    • Exploit type: CSRF
    • Reported Date: 2020-May-08
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-13760

    Description

    Missing token checks in com_postinstall cause CSRF vulnerabilities.

    Affected Installs

    Joomla! CMS versions 3.7.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Bui Duc Anh Khoa from Viettel Cyber Security
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Moderate
    • Versions: 3.0.0-3.9.18
    • Exploit type: XSS
    • Reported Date: 2020-April-10
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-11022 and CVE-2020-11023

    Description

    The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are "[...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others."

    The Drupal project has backported the relevant fixes back to jQuery 1.x and Joomla has adopted that patch.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:David Jardin, JSST
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0-3.9.18
    • Exploit type: XSS
    • Reported Date: 2020-May-06
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-13762

    Description

    Incorrect input validation of the module tag option in com_modules allow XSS attacks.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Bui Duc Anh Khoa from Viettel Cyber Security
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0-3.9.18
    • Exploit type: Insecure Permissions
    • Reported Date: 2020-April-23
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-13763

    Description

    The default settings of the global "textfilter" configuration doesn't block HTML inputs for 'Guest' users. With 3.9.19, the textfilter for new installations has been set to 'No HTML' for the groups 'Public', 'Guest' and 'Registered'.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Brian Teeman
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0-3.9.18
    • Exploit type: XSS
    • Reported Date: 2020-May-06
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-13761

    Description

    Lack of input validation in the heading tag option of the "Articles – Newsflash" and "Articles - Categories" modules allow XSS attacks.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Bui Duc Anh Khoa from Viettel Cyber Security
Person 1

Art Director

Lorem ipsum dolor sit amet

Person 2

Interactive Director

Ut enim ad minim veniam

Person 3

Creative Director

Duis aute irure dolor

03 About Us

Ced ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo.

04 Contact Us

200 MotionDesign Template

Your business address goes here
(123) 123-2468
[email protected]
www.motiontemplate.com