
Joomla! CMS Vulnerability

  • OS details: MAC, LDE, FED, FBS, LGE, HPU, LMV, LRH, LSU, LUB, W03, W08, WN7, VIS
  • Importance: IMP
  • Operating systems: O
  • Categories: APL, LDE, LFE, FBS, LGE, HPQ, LMV, LRH, LSU, ALL, LUB, W10, W03, W08, W12, WN7, WN8, VIS

Security Centre

[20150908] – Core – XSS Vulnerability

Posted: 08 Sep 2015 07:25 PM PDT

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.4.0 through 3.4.3
Exploit type: XSS Vulnerability
Reported Date: 2015-August-18
Fixed Date: 2015-September-08
CVE Number: requested


Inadequate escaping leads to XSS vulnerability in login module.

Affected Installs

Joomla! CMS versions 3.4.0 through 3.4.3

Upgrade to version 3.4.4

The JSST at the Joomla! Security Center.
Reported By: cfreer


Author: Tomislav Protega
Cert ID: NCERT-REF-2015-09-0022-ADV
Source ID: 20150908