• Avviso sicurezza: [20200605] - Core - CSRF in com_postinstall
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.7.0-3.9.18
    • Exploit type: CSRF
    • Reported Date: 2020-May-08
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-13760

    Description

    Missing token checks in com_postinstall cause CSRF vulnerabilities.

    Affected Installs

    Joomla! CMS versions 3.7.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Bui Duc Anh Khoa from Viettel Cyber Security

  • Avviso sicurezza: [20200604] - Core - XSS in jQuery.htmlPrefilter
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Moderate
    • Versions: 3.0.0-3.9.18
    • Exploit type: XSS
    • Reported Date: 2020-April-10
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-11022 and CVE-2020-11023

    Description

    The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are "[...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others."

    The Drupal project has backported the relevant fixes back to jQuery 1.x and Joomla has adopted that patch.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: David Jardin, JSST

  • Avviso sicurezza: [20200603] - Core - XSS in com_modules tag options
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0-3.9.18
    • Exploit type: XSS
    • Reported Date: 2020-May-06
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-13762

    Description

    Incorrect input validation of the module tag option in com_modules allow XSS attacks.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Bui Duc Anh Khoa from Viettel Cyber Security

  • Avviso sicurezza: [20200602] - Core - Inconsistent default textfilter settings
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0-3.9.18
    • Exploit type: Insecure Permissions
    • Reported Date: 2020-April-23
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-13763

    Description

    The default settings of the global "textfilter" configuration doesn't block HTML inputs for 'Guest' users. With 3.9.19, the textfilter for new installations has been set to 'No HTML' for the groups 'Public', 'Guest' and 'Registered'.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Brian Teeman

  • Avviso sicurezza: [20200601] - Core - XSS in modules heading tag option
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0-3.9.18
    • Exploit type: XSS
    • Reported Date: 2020-May-06
    • Fixed Date: 2020-June-02
    • CVE Number: CVE-2020-13761

    Description

    Lack of input validation in the heading tag option of the "Articles – Newsflash" and "Articles - Categories" modules allow XSS attacks.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.18

    Solution

    Upgrade to version 3.9.19

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Bui Duc Anh Khoa from Viettel Cyber Security

  • Avviso sicurezza: [20200403] - Core - Incorrect access control in com_users access level deletion function
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 2.5.0 - 3.9.16
    • Exploit type: Incorrect Access Control
    • Reported Date: 2020-March-13
    • Fixed Date: 2020-April-21
    • CVE Number: CVE-2020-11889

    Description

    Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.16

    Solution

    Upgrade to version 3.9.17

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC

  • Avviso sicurezza: [20200402] - Core - Missing checks for the root usergroup in usergroup table
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 2.5.0 - 3.9.16
    • Exploit type: Incorrect Access Control
    • Reported Date: 2020-February-27
    • Fixed Date: 2020-April-21
    • CVE Number: CVE-2020-11890

    Description

    Inproper input validations in the usergroup table class could lead to a broken ACL configuration.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.16

    Solution

    Upgrade to version 3.9.17

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC

  • Avviso sicurezza: [20200401] - Core - Incorrect access control in com_users access level editing function
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.8.8 - 3.9.16
    • Exploit type: Incorrect Access Control
    • Reported Date: 2020-March-13
    • Fixed Date: 2020-April-21
    • CVE Number: CVE-2020-11891

    Description

    Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.

    Affected Installs

    Joomla! CMS versions 3.8.8 - 3.9.16

    Solution

    Upgrade to version 3.9.17

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC

  • Avviso sicurezza: [20200306] - Core - SQL injection in Featured Articles menu parameters
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 1.7.0-3.9.15
    • Exploit type: SQL Injection
    • Reported Date: 2020-March-9
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10243

    Description

    The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the "Featured Articles" frontend menutype.

    Affected Installs

    Joomla! CMS versions 1.7.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Sam Thomas, Pentest.co.uk

  • Avviso sicurezza: [20200304] - Core - Identifier collisions in com_users
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.0.0-3.9.15
    • Exploit type: Other
    • Reported Date: 2020-February-07
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10240

    Description

    Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Lee Thao from Viettel Cyber Security

Informazioni

Benvenuto nel tuo Pannello Admin.

Da queste pagine puoi facilmente accedere alle varie sezioni di amministrazione del tuo dominio e della tua Posta Elettronica.

Dal top menu scegli se accedere alla sezione PLESK o alla Web Mail e poi clicca sulle immagini per aprire la pagina desiderata.

Puoi anche accedere alla pagina di monitoraggio server, così da visualizzare i grafici sullo stato del server dove si trova residente il tuo dominio, oppure nella pagina di informazioni sulla configurazione PHP del tuo dominio..

Nella pagina "Notizie" troverai una selezione di link ad articoli riguardanti CSM, Internet e Software; nella sezione "Sicurezza" saranno visualizzati link ad articoli sulle vulnerabiltà scoperte nei principali CMS (Joomla, Wordpress, Drupal, PhpBB, ecc.).