• Avviso sicurezza: [20200706] - Core - System Information screen could expose redis or proxy credentials
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: Information Disclosure
    • Reported Date: 2020-Jun-17
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15698

    Description

    Inadequate filtering in the system information screen could expose redis or proxy credentials

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor

  • Avviso sicurezza: [20200705] - Core - Escape mod_random_image link
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: XSS
    • Reported Date: 2020-Jun-08
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15696

    Description

    Lack of input filtering and escaping allows XSS attacks in mod_random_image

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor

  • Avviso sicurezza: [20200704] - Core - Variable tampering via user table class
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: Incorrect Access Control
    • Reported Date: 2020-Jun-02
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15697

    Description

    Internal read-only fields in the User table class could be modified by users.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor

  • Avviso sicurezza: [20200703] - Core - CSRF in com_privacy remove-request feature
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.9.0-3.9.19
    • Exploit type: CSRF
    • Reported Date: 2020-May-07
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15695

    Description

    A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Bui Duc Anh Khoa from Viettel Cyber Security

  • Avviso sicurezza: [20200702] - Core - Missing checks can lead to a broken usergroups table record
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 2.5.0-3.9.19
    • Exploit type: Incorrect Access Control
    • Reported Date: 2020-April-04
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15699

    Description

    Missing validation checks at the usergroups table object can result into an broken site configuration.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC

  • Avviso sicurezza: [20200701] - Core - CSRF in com_installer ajax_install endpoint
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.7.0-3.9.19
    • Exploit type: CSRF
    • Reported Date: 2020-May-07
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-XXXXX

    Description

    A missing token check in the ajax_install endpoint com_installer causes a CSRF vulnerability.

    Affected Installs

    Joomla! CMS versions 3.7.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Bui Duc Anh Khoa from Viettel Cyber Security

  • Avviso sicurezza: [20200605] - Core - CSRF in com_postinstall
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.7.0-3.9.18
    • Exploit type: CSRF
    • Reported Date: 2020-May-08
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-13760

    Description

    Missing token checks in com_postinstall cause CSRF vulnerabilities.

    Affected Installs

    Joomla! CMS versions 3.7.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Bui Duc Anh Khoa from Viettel Cyber Security

  • Avviso sicurezza: [20200604] - Core - XSS in jQuery.htmlPrefilter
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Moderate
    • Versions: 3.0.0-3.9.18
    • Exploit type: XSS
    • Reported Date: 2020-April-10
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-11022 and CVE-2020-11023

    Description

    The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are "[...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others."

    The Drupal project has backported the relevant fixes back to jQuery 1.x and Joomla has adopted that patch.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: David Jardin, JSST

  • Avviso sicurezza: [20200603] - Core - XSS in com_modules tag options
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0-3.9.18
    • Exploit type: XSS
    • Reported Date: 2020-May-06
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-13762

    Description

    Incorrect input validation of the module tag option in com_modules allow XSS attacks.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Bui Duc Anh Khoa from Viettel Cyber Security

  • Avviso sicurezza: [20200602] - Core - Inconsistent default textfilter settings
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0-3.9.18
    • Exploit type: Insecure Permissions
    • Reported Date: 2020-April-23
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-13763

    Description

    The default settings of the global "textfilter" configuration doesn't block HTML inputs for 'Guest' users. With 3.9.19, the textfilter for new installations has been set to 'No HTML' for the groups 'Public', 'Guest' and 'Registered'.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Brian Teeman

Informazioni

Benvenuto nel tuo Pannello Admin.

Da queste pagine puoi facilmente accedere alle varie sezioni di amministrazione del tuo dominio e della tua Posta Elettronica.

Dal top menu scegli se accedere alla sezione PLESK o alla Web Mail e poi clicca sulle immagini per aprire la pagina desiderata.

Puoi anche accedere alla pagina di monitoraggio server, così da visualizzare i grafici sullo stato del server dove si trova residente il tuo dominio, oppure nella pagina di informazioni sulla configurazione PHP del tuo dominio..

Nella pagina "Notizie" troverai una selezione di link ad articoli riguardanti CSM, Internet e Software; nella sezione "Sicurezza" saranno visualizzati link ad articoli sulle vulnerabiltà scoperte nei principali CMS (Joomla, Wordpress, Drupal, PhpBB, ecc.).