Upgrade to version 3.2.5 or 3.3.4



  • [20140901] - Core - XSS Vulnerability

    Posted: 23 Sep 2014 12:00 PM PDT

    Project: Joomla!
    SubProject: CMS
    Severity: Moderate
    Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
    Exploit type: XSS Vulnerability
    Reported Date: 2014-August-27
    Fixed Date: 2014-September-23
    CVE Number: CVE-2014-6631

    Description
    Inadequate escaping leads to XSS vulnerability in com_media.

    Affected Installs
    Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3

    Solution
    Upgrade to version 3.2.5 or 3.3.4

    Contact
    The JSST at the Joomla! Security Center.

    Reported By: Dingjie (Daniel) Yang

  • [20140902] - Core - Unauthorised Logins

    Posted: 23 Sep 2014 12:00 PM PDT

    Project: Joomla!
    SubProject: CMS
    Severity: Moderate
    Versions: 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
    Exploit type: Unauthorised Logins
    Reported Date: 2014-September-09
    Fixed Date: 2014-September-23
    CVE Number: CVE-2014-6632

    Description
    Inadequate checking allowed unauthorised logins via LDAP authentication.

    Affected Installs
    Joomla! CMS versions 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3

    Solution
    Upgrade to version 2.5.25, 3.2.5, or 3.3.4

