Hi everybody.
Dont know much about Joomla - I in general use Wordpress, but today i recieved this message about subject.
The warning reffered to …/mautic/vendor/joomla/filter/src/inputFilter.php
And when I saw inside Patchman (some kind of a control software inside the Cpanel packages) this text came up:
3 vulnerabilities in Joomla
Multiple vulnerabilities were found in this file:
[Joomla] [20170404] - Core - XSS Vulnerability
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
This is a vulnerability of the type XSS. Cross-site scripting (XSS) enables attackers to inject client-side scripts into web pages viewed by other users.
[Joomla] [20170703] Inadequate filtering of multibyte characters lead to XSS vulnerabilities in various components
Part of release 3.7.3
This is a vulnerability of the type XSS. Cross-site scripting (XSS) enables attackers to inject client-side scripts into web pages viewed by other users.
[Joomla] [20170705] - Core - Inadequate filtering of HTML tags could lead to XSS vulnerabilities
Inadequate filtering of potentially malicious HTML tags lead to XSS vulnerabilities in various components.
This is a vulnerability of the type XSS. Cross-site scripting (XSS) enables attackers to inject client-side scripts into web pages viewed by other users.
So to those of you who knows alot more about this stuff than I do - know you know.
What I did ... I blocked the file - and dont know what that will effect, but I hope nothing.
Best regards
Jacob