Security

Joomla Core - Escape xss in logo parameter error pages

Joomla Core - Escape xss in logo parameter error pages

Impact: Low
Severity: Low
Versions: 3.0.0 - 3.9.25
Exploit type: XSS
Reported Date: 2021-03-09
Fixed Date: 2021-04-13
CVE Number: CVE-2021-26030

Description

Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.25

Solution

Upgrade to version 3.9.26

Read More

Backdrop core - Critical - Third-party libraries - BACKDROP-SA-CORE-2021-001

Backdrop core - Critical - Third-party libraries - BACKDROP-SA-CORE-2021-001

Date: Wednesday, Jan 27th, 2021
Security risk: Critical
Advisory ID: BACKDROP-SA-CORE-2021-001
CVE ID: CVE-2020-36193
Vulnerability: Third Party Libraries
Versions affected: Backdrop Core 1.18.x versions prior to 1.18.1, Backdrop Core 1.17.x versions prior to 1.17.6
Backdrop versions 1.16 and prior do not receive security coverage.

Description

The Backdrop project uses the pear Archive_Tar library, which has released a security update that impacts Backdrop. For more information please see:

Read More

Backdrop core - Critical - Arbitrary PHP code execution - BACKDROP-SA-CORE-2020-008

Backdrop core - Critical - Arbitrary PHP code execution - BACKDROP-SA-CORE-2020-008

Date: Wednesday, Nov 25th, 2020
Security risk: Critical
Advisory ID: BACKDROP-SA-CORE-2020-008
CVE ID: CVE-2020-28948, CVE-2020-28949
Vulnerability: Arbitrary PHP code execution

Versions affected

  • Backdrop Core 1.17.x versions prior to 1.17.4
  • Backdrop Core 1.16.x versions prior to 1.16.6

Backdrop versions 1.15 and prior do not receive security coverage.

Read More

Pages