Posts Tagged XSS
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
- Exploit type: XSS Vulnerability
- Reported Date: 2014-August-27
- Fixed Date: 2014-September-23
- CVE Number: CVE-2014-6631
Description
Inadequate escaping leads to XSS vulnerability in com_media.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3
Solution
Upgrade to version 3.2.5 or 3.3.4
Contact
The JSST at the Joomla! Security Center.
(May 21) lxml could allow cross-site scripting (XSS) attacks.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 3.1.2 through 3.2.2
- Exploit type: XSS Vulnerability
- Reported Date: 2014-March-04
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability in com_contact.
Affected Installs
Joomla! CMS versions 3.1.2 through 3.2.2
Solution
Upgrade to version 3.2.3
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
- Exploit type: XSS Vulnerability
- Reported Date: 2014-March-05
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Solution
Upgrade to version 2.5.19 or 3.2.3
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-October-26
- Fixed Date: 2013-November-06
- CVE Number:
Description
Inadequate filtering leads to XSS vulnerability in com_contact.
Affected Installs
Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.16, 3.1.6 or 3.2.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-October-25
- Fixed Date: 2013-November-06
- CVE Number:
Description
Inadequate filtering leads to XSS vulnerability in com_contact.
Affected Installs
Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.15, 3.1.6 or 3.2.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-October-06
- Fixed Date: 2013-November-06
- CVE Number:
Description
Inadequate filtering leads to XSS vulnerability in com_contact, com_weblinks, com_newsfeeds.
Affected Installs
Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.15, 3.1.6 or 3.2.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-April-17
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3267
Description
Inadequate filtering leads to XSS vulnerability in highlighter plugin.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
[+] MySQL ODBC 5.1.11 driver support has been added
The following bugs have been fixed:
[-] XSS vulnerability in Horde IMP has been fixed (CVE-2012-0791)
[-] When the admin’s password is changed via the ch_admin_passwd utility, mysqld runs with the --skip-grant-tables option
[-] Migration via rsync may fail with “pipe: Too many open files” error
[-] 10.4.4 MU#28 does not set SELinux contexts on the /usr/local/psa/handlers/hooks/check-quota handler, which causes the mail system to go down
[-] XSS injection vulnerability has been fixed in Horde
[-] XSS injection vulnerability has been fixed in Horde
The following bugs have been fixed:
[-] XSS vulnerability in Horde.
The following bugs have been fixed:
[-] XSS vulnerability in Horde.
Parallels Plesk Panel 8.6.0 for Windows, 9.3.0 for Windows and 9.5.5 for Windows security fixes
Security fixes:
[-] XSS injection on backup creation page
[-] XSS injection in “Location” HTTP header
[-] HTTPOnly flag added for the session cookie
Security fixes:
[-] XSS injection on backup creation page
[-] XSS injection in “Location” HTTP header
[-] HTTPOnly flag added for the session cookie
Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie
Functional fixes:
[-] ch_admin_passwd can’t stop unlimited mysqld
Security fixes:
[-] XSS injection on backup creation page
[-] XSS injection in “Location” HTTP header
[-] HTTPOnly flag added for the session cookie
Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie
Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie
Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie
Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie
Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie
Functional fixes:
[-] ch_admin_passwd can’t stop unlimited mysqld
Security fixes:
[-] XSS injection on backup creation page
[-] XSS injection in “Location” HTTP header
[-] HTTPOnly flag added for the session cookie
Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie
Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie