Three Joomla Security issues affecting versions 1.6.0 through 3.6.0

Three Joomla security issues have recently been disclosed

Joomla CMS

The three vulnerabilities which affect versions 1.0.6 through 3.6.0 are as follows :
• [20160802] – Core – XSS Vulnerability
• [20160801] – Core – ACL Violation
• [20160803] – Core – CSRF

Specific details of each of the vulnerabilities :

[20160802] – Core – XSS Vulnerability

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.6.0 through 3.6.0
  • Exploit type: XSS Vulnerability
  • Reported Date: 2016-February-05
  • Fixed Date: 2016-August-03
  • CVE Number: Requested

Description : Inadequate escaping leads to XSS vulnerability in mail component.
Affected Installs : Joomla! CMS versions 1.6.0 through 3.6.0
Solution : Upgrade to version 3.6.1

[20160801] – Core – ACL Violation

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.6.0 through 3.6.0
  • Exploit type: ACL Violation
  • Reported Date: 2016-April-29
  • Fixed Date: 2016-August-03
  • CVE Numbers: requested

Description : Inadequate ACL checks in com_content provide potential read access to data which should be access restricted to users with edit_own level.
Affected Installs : Joomla! CMS versions 1.6.0 through 3.6.0
Solution : Upgrade to version 3.6.1

[20160803] – Core – CSRF

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Medium
  • Versions: 3.6.0
  • Exploit type: CSRF
  • Reported Date: 2016-July-19
  • Fixed Date: 2016-August-03
  • CVE Numbers: requested

Description: Add additional CSRF hardening in com_joomlaupdate.
Affected Installs : Joomla! CMS version 3.6.0
Solution : Upgrade to version 3.6.1

The following two tabs change content below.
This is the main Havenswift Hosting company account that is used by different members of staff when making blog postings on behalf of the company rather than as individuals

Latest posts by Havenswift Hosting (see all)

Post Your Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copyright Havenswift Hosting 2007-2018. All rights reserved.