[20190204] - Core - Stored XSS issue in the Global Configuration help url #2

#JUGL meetings are held on the 3rd Tuesday of each month

NEXT MEETING:

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 2.5.0 through 3.9.2
Exploit type: XSS
Reported Date: 2019-January-16
Fixed Date: 2019-February-12
CVE Number: CVE-2019-7741

Description

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.2

Solution

Upgrade to version 3.9.3

Contact

The JSST at the Joomla! Security Centre.

Antonin Steinhauser

Read more http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/3OVpsR6Ape0/768-20190204-core-stored-xss-issue-in-the-global-configuration-help-url-2.html

Launch a Full version of Joomla! for FREE (including hosting) Find out More