Mautic Community Forums

3 vulnerabilities in Joomla - Error message from my Cpanel

Hi everybody.



Don't know much about Joomla - I in general use WordPress, but today I received this message about the subject.



The warning referred to …/mautic/vendor/joomla/filter/src/inputFilter.php



And when I saw inside Patchman (some kind of a control software inside the Cpanel packages) this text came up:





3 vulnerabilities in Joomla

Multiple vulnerabilities were found in this file:



[Joomla] [20170404] - Core - XSS Vulnerability



In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.



This is a vulnerability of the type XSS. Cross-site scripting (XSS) enables attackers to inject client-side scripts into web pages viewed by other users.



[Joomla] [20170703] Inadequate filtering of multibyte characters lead to XSS vulnerabilities in various components



Part of release 3.7.3



This is a vulnerability of the type XSS. Cross-site scripting (XSS) enables attackers to inject client-side scripts into web pages viewed by other users.



[Joomla] [20170705] - Core - Inadequate filtering of HTML tags could lead to XSS vulnerabilities



Inadequate filtering of potentially malicious HTML tags lead to XSS vulnerabilities in various components.



This is a vulnerability of the type XSS. Cross-site scripting (XSS) enables attackers to inject client-side scripts into web pages viewed by other users.



So to those of you who know a lot more about this stuff than I do - now you know.

What I did ... I blocked the file - and don't know what that will affect, but I hope nothing.

Best regards

Jacob
