WORTH KNOWING

Websites - No other medium offers such a broad spectrum of communication channels
Joomla! - CMS for simple websites up to complex e-commerce or social marketing sites for M
The Internet is dynamic knowledge. The rule is: existence through information presence.
Websites are quite simply an essential and integral part of modern communication ...
Websites are a readily available source of information for interested parties at any time. Nutzen Sie
40%-55% of all Internet users today are online with mobile devices.
Getting information from the web is an ordinary everyday activity ... Stehen Sie berei
Minimalism is more than leaving stuff out, in fact ... minimalism is a state of mind.
It does matter after all whether or not your company is also represented on the Internet!

Joomla! Developer News

  1. Joomla 5.2.0 Beta 3

    The Joomla Project is pleased to announce the availability of the Joomla 5.2 Beta 3 for testing.

  2. Joomla 5.2.0 Beta 2

    The Joomla Project is pleased to announce the availability of the Joomla 5.2 Beta 2 for testing.

  3. Joomla 5.2.0 Beta 1

    The Joomla Project is pleased to announce the availability of the Joomla 5.2 Beta 1 for testing.

  4. Joomla 5.2.0 Alpha 3

    The Joomla Project is pleased to announce the availability of Joomla 5.2 Alpha 3 for testing.

  5. Joomla 5.2.0 Alpha 2

    The Joomla Project is pleased to announce the availability of Joomla 5.2 Alpha 2 for testing.

Joomla! Security Announcements

  • [20240805] - Core - XSS vectors in Outputfilter::strip* methods
    20 August 2024
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Moderate
    • Probability: Low
    • Versions: 3.0.0-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2
    • Exploit type: XSS
    • Reported Date: 2024-07-22
    • Fixed Date: 2024-08-20
    • CVE Number: CVE-2024-40743

    Description

    The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.

    Affected Installs

    Joomla! CMS versions 3.0.0-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2

    Solution

    Upgrade to version 3.10.17-elts, 4.4.7 or 5.1.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Jesper den Boer
  • [20240804] - Core - Improper ACL for backend profile view
    20 August 2024
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Moderate
    • Probability: Low
    • Versions: 4.0.0-4.4.6, 5.0.0-5.1.2
    • Exploit type: XSS
    • Reported Date: 2024-07-22
    • Fixed Date: 2024-08-20
    • CVE Number: CVE-2024-27187

    Description

    Improper access controls allow backend users to overwrite their username when disallowed.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.4.6, 5.0.0-5.1.2

    Solution

    Upgrade to version 4.4.7 or 5.1.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Elysee Franchuk
  • [20240803] - Core - XSS in HTML Mail Templates
    20 August 2024
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Moderate
    • Probability: Moderate
    • Versions: 4.0.0-4.4.6, 5.0.0-5.1.2
    • Exploit type: XSS
    • Reported Date: 2024-07-22
    • Fixed Date: 2024-08-20
    • CVE Number: CVE-2024-27186

    Description

    The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.4.6, 5.0.0-5.1.2

    Solution

    Upgrade to version 4.4.7 or 5.1.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Elysee Franchuk
  • [20240802] - Core - Cache Poisoning in Pagination
    20 August 2024
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Probability: Low
    • Versions: 3.0.0-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2
    • Exploit type: Cache Poisoning
    • Reported Date: 2024-05-23
    • Fixed Date: 2024-08-20
    • CVE Number: CVE-2024-27185

    Description

    The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.

    Affected Installs

    Joomla! CMS versions 3.0.0-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2

    Solution

    Upgrade to version 3.10.17-elts, 4.4.7 or 5.1.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Shane Edwards