[20180102] – Core – XSS vulnerability in com_fields

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers!

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 3.7.0 through 3.8.3
  • Exploit type: XSS
  • Reported Date: 2018-January-20
  • Fixed Date: 2018-January-30
  • CVE Number: CVE-2018-6377

Description

Inadequate input filtering in com_fields leads to a XSS vulnerability in multiple field types, i.e. list, radio and checkbox.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.3

Solution

Upgrade to version 3.8.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Benjamin Trenkle, JSST
Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers!

Comments are closed.

Categories
Tags
3CXContact appliance Apps available Bare CentOS click Cloud Cloudflare Cluster Contact control cPanel enterprise find Fortigate here hosting install installed integrated into latest Linux Media MySQL network panel Plesk PleskContact Providers Railgun security Server Setup software Suse that Ubuntu using Webuzo when with works Wowza