FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

joomla3 -- vulnerabilitiesw

Affected packages
joomla3 < 3.8.12

Details

VuXML ID bf2b9c56-b93e-11e8-b2a8-a4badb296695
Discovery 2018-08-23
Entry 2018-09-15

JSST reports: Multiple low-priority Vulnerabilities

Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.

Inadequate output filtering on the user profile page could lead to a stored XSS attack.

Inadequate checks regarding disabled fields can lead to an ACL violation.

References

CVE Name CVE-2018-15860
CVE Name CVE-2018-15881
CVE Name CVE-2018-15882
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15880
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15881
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15882
URL https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inputfilter-for-phar-stubs.html
URL https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-vulnerability-in-the-frontend-profile.html
URL https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html