The AltaGrade Blog

Joomla Core - Escape xss in logo parameter error pages

Impact: Low
Severity: Low
Versions: 3.0.0 - 3.9.25
Exploit type: XSS
Reported Date: 2021-03-09
Fixed Date: 2021-04-13
CVE Number: CVE-2021-26030

Description

Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.25

Solution

Upgrade to version 3.9.26

Backdrop core - Critical - Third-party libraries - BACKDROP-SA-CORE-2021-001

Date: Wednesday, Jan 27th, 2021
Security risk: Critical
Advisory ID: BACKDROP-SA-CORE-2021-001
CVE ID: CVE-2020-36193
Vulnerability: Third Party Libraries
Versions affected: Backdrop Core 1.18.x versions prior to 1.18.1, Backdrop Core 1.17.x versions prior to 1.17.6
Backdrop versions 1.16 and prior do not receive security coverage.

Description

The Backdrop project uses the PEAR Archive_Tar library, which has released a security update that impacts Backdrop. For more information please see:
