As a part of an ongoing initiative to improve user experience in our product, in cPanel & WHM Version 78 we introduced cPanel Analytics. This functionality is intentionally built with ease of use and privacy in mind. It provides us with deeper insight into how our customers utilize cPanel, WHM, and Webmail without compromising the privacy of those users. We tested the feature directly with a few customers on cPanel & WHM Version 74, made some adjustments in …
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.2.0 through 3.9.3
- Exploit type: XSS
- Reported Date: 2019-March-04
- Fixed Date: 2019-March-12
- CVE Number: CVE-2019-9712
Description
The JSON handler in com_config lacks input validation, leading to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.9.3
Solution
Upgrade to version 3.9.4
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0 through 3.9.3
- Exploit type: XSS
- Reported Date: 2019-February-25
- Fixed Date: 2019-March-12
- CVE Number: CVE-2019-9711
Description
The item_title layout in edit views lacks escaping, leading to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.9.3
Solution
Upgrade to version 3.9.4
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0 through 3.9.3
- Exploit type: XSS
- Reported Date: 2019-February-25
- Fixed Date: 2019-March-12
- CVE Number: CVE-2019-9714
Description
The media form field lacks escaping, leading to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.9.3
Solution
Upgrade to version 3.9.4
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: High
- Versions: 3.8.0 through 3.9.3
- Exploit type: XSS
- Reported Date: 2019-February-28
- Fixed Date: 2019-March-12
- CVE Number: CVE-2019-9713
Description
The sample data plugins lack ACL checks, allowing unauthorized access.
Affected Installs
Joomla! CMS versions 3.8.0 through 3.9.3
Solution
Upgrade to version 3.9.4
Contact
The JSST at the Joomla! Security Centre.