CVE-2019-6262
Published 2019-01-16
Priority: P4 (24); severity: medium; CVSS 3.0 base score: 5.4
CVSS 3.0 vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.57% (42.9th percentile)
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
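The advisory names the weakness (a Global Configuration value that is stored and later rendered as a link without an adequate check) but shows no check. The block below is an added, illustrative example written for this page; it is not Joomla's code and not the 3.9.2 patch. It contrasts a prefix-only check with an allowlist validator for a help URL: absolute http(s) scheme, a real hostname, no attribute-breaking characters, and only known template placeholders. The placeholder names (`{major}`, `{minor}`, `{maintenance}`, `{langcode}`, `{keyref}`), the host pattern and the sample inputs are assumptions made for the example.

```python
"""Illustrative validation for a CMS "help URL" setting (constructed example,
not Joomla's code). The value is rendered as an <a href> in the admin UI, so
an unvalidated value is a stored-XSS sink."""
import html
import re
from urllib.parse import urlsplit

# Assumed template placeholders a help URL may contain (modelled on the
# {major}/{minor}/{langcode}/{keyref} tokens in a typical Joomla help URL).
PLACEHOLDER = re.compile(r"\{(major|minor|maintenance|langcode|keyref)\}")
# Assumed hostname shape: DNS labels plus optional port.
HOST = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?(?::\d{1,5})?$")
ALLOWED_SCHEMES = {"http", "https"}


def weak_check(value: str) -> bool:
    """The kind of check that is not enough: anything starting with 'http'
    passes, including values that close the href attribute."""
    return value.lower().startswith("http")


def is_safe_help_url(value: str) -> bool:
    """Allowlist validation: absolute http(s) URL with a plausible host,
    no characters that can break out of an HTML attribute or open a tag,
    and only the known placeholders."""
    if not value or len(value) > 2048:
        return False
    # Reject rather than sanitise: a help URL never needs these characters.
    if any(ord(c) < 0x20 or c.isspace() or c in '<>"\'\\`' for c in value):
        return False
    # Replace known placeholders so they do not confuse the URL parser,
    # then refuse any brace that remains (unknown placeholder).
    plain = PLACEHOLDER.sub("x", value)
    if "{" in plain or "}" in plain:
        return False
    parts = urlsplit(plain)
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(HOST.match(parts.netloc))


def render_help_link(value: str) -> str:
    """Output side: validate, then attribute-escape. Both layers are needed;
    escaping alone would still emit a clickable javascript: URL."""
    if not is_safe_help_url(value):
        raise ValueError("rejected help URL")
    return '<a href="%s">Help</a>' % html.escape(value, quote=True)


# Constructed sample inputs: a stock-style URL and three injection attempts.
SAMPLES = {
    "stock": "https://help.joomla.org/proxy?keyref=Help{major}{minor}:{keyref}&lang={langcode}",
    "scheme": "javascript:alert(document.cookie)",
    "attr_break": 'https://example.org/" onmouseover="alert(1)',
    "tag": "http://example.org/<script>alert(1)</script>",
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        print(f"{name:11} weak={weak_check(url)!s:5} strict={is_safe_help_url(url)}")
```

The prefix check accepts the attribute-breaking and tag-injecting samples; the allowlist rejects everything except the placeholder URL, and the renderer escapes `&` in the accepted value so the query string cannot be misread as an entity.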
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla | joomla_! | >= 2.5.0 < 3.9.2 | 3.9.2 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| NVD | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
No detection rules found.
No public exploits indexed.
arXiv
Over 100 Bugs in a Row: Security Analysis of the Top-Rated Joomla Extensions
arxiv_fulltext · 2021-02-05
Marcus Niemietz, Mario Korth, Christian Mainka, Juraj Somorovsky
[email protected]
Hackmanit GmbH
## Abstract
Nearly every second website is using a CMS such as WordPress, Drupal, and Joomla. These systems help to create and modify digital data, typically within a collaborative environment. One common feature is to enrich their functionality by using extensions. Popular extensions allow developers to easily include payment gateways, backup tools, and social media components.
Due to the extended functionality, it is not surprising that such an expansion of complexity implies a bigger attack surface. In contrast to CMS core systems, extensions are usually not considered during public security audits. Ho
Bugzilla
CVE-2019-18835 matrix-synapse: mishandles signature checking on some federation APIs
bugzilla · 2019-11-08 · CVSS 9.8 (CRITICAL)
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.
Reference:
https://github.com/matrix-org/synapse/pull/6262
Discussion:
Created matrix-synapse tracking bugs for this issue:
Affects: fedora-all [bug 1770334]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
References
- http://www.securityfocus.com/bid/106638
- https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-issue-in-the-global-configuration-help-url