[20190301] - Core - XSS in com_config JSON handler

by on 12 March 2019
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 3.2.0 through 3.9.3
  • Exploit type: XSS
  • Reported Date: 2019-March-04
  • Fixed Date: 2019-March-12
  • CVE Number: CVE-2019-9712

Description

The JSON handler in com_config lacks input validation, leading to an XSS vulnerability.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.9.3

Solution

Upgrade to version 3.9.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Mario Korth, Hackmanit