Three security vulnerabilities are fixed with the release of Joomla 3.9.21 version

Three security vulnerabilities are fixed with the release of Joomla 3.9.21 version

Joomla 3.9.21 has been released. This is a security release for Joomla 3.x series which addresses 3 security vulnerabilities and contains over 20 bug fixes and improvements.

Our Joomla templates are compatible with this joomla version so you may update to latest Joomla 3.9.21 now.

Joomla 3.9.21 Security Issue Fixed

  • Low Priority - Core - XSS in mod_latestactions (affecting Joomla! 3.9.0 through 3.9.20) More information »
  • Low Priority - Core - Open redirect in com_content vote feature (affecting Joomla! 3.0.0 through 3.9.20) More information »
  • Low Priority - Core - Directory traversal in com_media (affecting Joomla! 2.5.0 through 3.9.20) More information »

Joomla 3.9.21 Bug Fix and Improvements

  • TinyMCE updated #30329
  • CodeMirror updated #30370
  • Upload Package File / Joomla Update : Upload file size check added #30190 #29895
  • Actions Log: Log an event when Joomla is updated #30157

Core - Open redirect in com_content vote feature

 

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Low
    Versions: 3.0.0-3.9.20
    Exploit type: Open Redirect
    Reported Date: 2020-July-05
    Fixed Date: 2020-August-25
    CVE Number: CVE-2020-24598

 

Description

Lack of input validation in com_content leads to an open redirect.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.20

Solution

Upgrade to version 3.9.21

Core - Directory traversal in com_media

 

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Low
    Versions: 2.5.0-3.9.20
    Exploit type: Directory Traversal
    Reported Date: 2020-February-02
    Fixed Date: 2020-August-25
    CVE Number: CVE-2020-24597

 

Description

Lack of input validation allows com_media root paths outside of the webroot.

Affected Installs

Joomla! CMS versions 2.5.0 - 3.9.20

Solution

Upgrade to version 3.9.21

Core - XSS in mod_latestactions

 

    Project: Joomla!
    SubProject: CMS
    Impact: Moderate
    Severity: Low
    Versions: 3.9.0-3.9.20
    Exploit type: XSS
    Reported Date: 2020-August-21
    Fixed Date: 2020-August-25
    CVE Number: CVE-2020-24599

 

Description

Lack of escaping in mod_latestactions allows XSS attacks.

Affected Installs

Joomla! CMS versions 3.9.0 - 3.9.20

Solution

Upgrade to version 3.9.21

Visit GitHub for the full list of bug fixes.

 

New Installations

Upgrade Packages

 

Before updating, please read the update instructions. Don't forget to clear browser's cache after upgrading.


Print   Email