==================================================================== CERT-Renater Note d'Information No. 2020/VULN324 _____________________________________________________________________ DATE : 09/06/2020 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Joomla! versions prior to 3.9.19. ===================================================================== https://developer.joomla.org/security-centre/813-20200601-core-xss-in-modules-heading-tag-option.html https://developer.joomla.org/security-centre/814-20200602-core-inconsistent-default-textfilter-settings.html https://developer.joomla.org/security-centre/815-20200603-core-xss-in-com-modules-tag-options.html https://developer.joomla.org/security-centre/816-20200604-core-xss-in-jquery-htmlprefilter.html https://developer.joomla.org/security-centre/817-20200605-core-csrf-in-com-postinstall.html https://www.joomla.org/announcements/release-news/5812-joomla-3-9-19.html _____________________________________________________________________ [20200601] - Core - XSS in modules heading tag option Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.0.0-3.9.18 Exploit type: XSS Reported Date: 2020-May-06 Fixed Date: 2020-June-02 CVE Number: CVE-2020-13761 Description Lack of input validation in the heading tag option of the "Articles – Newsflash" and "Articles - Categories" modules allow XSS attacks. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.18 Solution Upgrade to version 3.9.19 Contact The JSST at the Joomla! Security Centre. Reported By: Bui Duc Anh Khoa from Viettel Cyber Security _____________________________________________________________________ [20200602] - Core - Inconsistent default textfilter settings Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 2.5.0-3.9.18 Exploit type: Insecure Permissions Reported Date: 2020-April-23 Fixed Date: 2020-June-02 CVE Number: CVE-2020-13763 Description The default settings of the global "textfilter" configuration doesn't block HTML inputs for 'Guest' users. With 3.9.19, the textfilter for new installations has been set to 'No HTML' for the groups 'Public', 'Guest' and 'Registered'. Affected Installs Joomla! CMS versions 2.5.0 - 3.9.18 Solution Upgrade to version 3.9.19 Contact The JSST at the Joomla! Security Centre. Reported By: Brian Teeman _____________________________________________________________________ [20200603] - Core - XSS in com_modules tag options Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.0.0-3.9.18 Exploit type: XSS Reported Date: 2020-May-06 Fixed Date: 2020-June-02 CVE Number: CVE-2020-13762 Description Incorrect input validation of the module tag option in com_modules allow XSS attacks. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.18 Solution Upgrade to version 3.9.19 Contact The JSST at the Joomla! Security Centre. Reported By: Bui Duc Anh Khoa from Viettel Cyber Security _____________________________________________________________________ [20200604] - Core - XSS in jQuery.htmlPrefilter Project: Joomla! SubProject: CMS Impact: Low Severity: Moderate Versions: 3.0.0-3.9.18 Exploit type: XSS Reported Date: 2020-April-10 Fixed Date: 2020-June-02 CVE Number: CVE-2020-11022 and CVE-2020-11023 Description The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are "[...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others." The Drupal project has backported the relevant fixes back to jQuery 1.x and Joomla has adopted that patch. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.18 Solution Upgrade to version 3.9.19 Contact The JSST at the Joomla! Security Centre. Reported By: David Jardin, JSST _____________________________________________________________________ [20200605] - Core - CSRF in com_postinstall Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.7.0-3.9.18 Exploit type: CSRF Reported Date: 2020-May-08 Fixed Date: 2020-June-02 CVE Number: CVE-2020-13760 Description Missing token checks in com_postinstall cause CSRF vulnerabilities. Affected Installs Joomla! CMS versions 3.7.0 - 3.9.18 Solution Upgrade to version 3.9.19 Contact The JSST at the Joomla! Security Centre. Reported By: Bui Duc Anh Khoa from Viettel Cyber Security ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================