The Joomla! Community Portal ™

JoomlaConnect

JoomlaConnect - Security English

Recent Posts

youtube gallery, 4.1.7,


youtube gallery, 4.1.7, SQL Injection

Extension Update Details

4.1.9

UpdateNoticeURL
http://www.joomlaboat.com/youtube-gallery

 

K2 Content Extension, 2.6.8,


K2 Content Extension, 2.6.8, XSS (Cross Site Scripting)


JW player, 5.10.22 xss


JW player, 5.10.2295, XSS (Cross Site Scripting)

Update notice url: http://www.joomlaworks.net/forum/extension-updates/14896-june-3rd,-2014-allvideos-v4-6-0

 

 

Joomlaworks allvideos


Joomlaworks allvideos plugin version 4.5.0 and previous XSS (cross-site scripting)

 

Extension Update Details
The new 4.6.0 version released replaces the XSS affected JW Player v5 with the newest v6.


UpdateNoticeURL
http://www.joomlaworks.net/forum/extension-updates/14896-june-3rd,-2014-allvideos-v4-6-0

 

EasyBlog pre 3.9.15770


EasyBlog

Extension Update Details. This fix has been included in EasyBlog 3.9.15770


UpdateNoticeURL
http://stackideas.com/blog/easyblog-3-9-15770-released

 

Yeedeen YEEditor


Yeedeen YEEditor versions 1.07 and previous

Unauthorized file upload
Extension Update Details

YEEditor 1.07 Security Patches

You MUST UPDATE your YEEditor today.

You can download the zip file and follow the following steps to patch your YEEditor

DOWNLOAD 1.07 Patches ZIP

http://www.yeedeen.com/media/YEEditor_1.07_patch.zip

UpdateNoticeURL

 

plg_highlight_button, 1.5 and previous sqli


plg_highlight_button, 1.5 and previous versions, SQL Injection

Update notice: http://www.jonijnm.es/web/descargas/category/9-highlight-code.html

 

plg_highlight_content, 1.5 and previous


plg_highlight_content, 1.5 and previous versions, XSS (Cross Site Scripting)

update notice: http://www.jonijnm.es/web/descargas/category/9-highlight-code.html

 

[20140302] - Core - XSS Vulnerability


  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.1.2 through 3.2.2
  • Exploit type: XSS Vulnerability
  • Reported Date: 2014-March-04
  • Fixed Date: 2014-March-06
  • CVE Number: Pending

Description

Inadequate escaping leads to XSS vulnerability in com_contact.

Affected Installs

Joomla! CMS versions 3.1.2 through 3.2.2

Solution

Upgrade to version 3.2.3

Contact

The JSST at the Joomla!...

 

