• Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions: 3.5.0 through 3.8.5
  • Exploit type: SQLi
  • Reported Date: 2018-March-08
  • Fixed Date: 2018-March-12
  • CVE Number: CVE-2018-8045

Description

The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the User Notes list view

Affected Installs

Joom...

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 3.0.0 through 3.8.3
  • Exploit type: XSS
  • Reported Date: 2018-January-21
  • Fixed Date: 2018-January-30
  • CVE Number:CVE-2018-6380

Description

Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.

Affected Installs

Joomla! CMS versions 3.0.0 through...

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 3.7.0 through 3.8.3
  • Exploit type: XSS
  • Reported Date: 2018-January-20
  • Fixed Date: 2018-January-30
  • CVE Number:CVE-2018-6377

Description

Inadequate input filtering in com_fields leads to a XSS vulnerability in multiple field types, i.e. list, radio and checkbox.

Affected...

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 1.5.0 through 3.8.3
  • Exploit type: XSS
  • Reported Date: 2017-November-17
  • Fixed Date: 2018-January-30
  • CVE Number:CVE-2018-6379

Description

Inadequate input filtering in the Uri class (formerly JUri) leads to a XSS vulnerability.

Affected Installs

Joomla! CMS versions 1.5.0 through...

  • Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions: 3.7.0 through 3.8.3
  • Exploit type: SQLi
  • Reported Date: 2017-November-17
  • Fixed Date: 2018-January-30
  • CVE Number:CVE-2018-6376

Description

The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.

Affected...