Three Joomla security issues have recently been disclosed
The three vulnerabilities, which affect versions 1.0.6 through 3.6.0, are as follows:
• [20160802] – Core – XSS Vulnerability
• [20160801] – Core – ACL Violation
• [20160803] – Core – CSRF
Specific details of each of the vulnerabilities:
[20160802] – Core – XSS Vulnerability
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 1.6.0 through 3.6.0
- Exploit type: XSS Vulnerability
- Reported Date: 2016-February-05
- Fixed Date: 2016-August-03
- CVE Number: Requested
Description: Inadequate escaping leads to an XSS vulnerability in the mail component.
Affected Installs: Joomla! CMS versions 1.6.0 through 3.6.0
Solution: Upgrade to version 3.6.1
[20160801] – Core – ACL Violation
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 1.6.0 through 3.6.0
- Exploit type: ACL Violation
- Reported Date: 2016-April-29
- Fixed Date: 2016-August-03
- CVE Number: Requested
Description: Inadequate ACL checks in com_content provide potential read access to data that should be restricted to users with the edit_own permission level.
Affected Installs: Joomla! CMS versions 1.6.0 through 3.6.0
Solution: Upgrade to version 3.6.1
[20160803] – Core – CSRF
- Project: Joomla!
- SubProject: CMS
- Severity: Medium
- Versions: 3.6.0
- Exploit type: CSRF
- Reported Date: 2016-July-19
- Fixed Date: 2016-August-03
- CVE Number: Requested
Description: Additional CSRF hardening added in com_joomlaupdate.
Affected Installs: Joomla! CMS version 3.6.0
Solution: Upgrade to version 3.6.1