=====================================================================
CERT-Renater Information Note No. 2022/VULN402
_____________________________________________________________________
DATE                 : 26/10/2022
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running Joomla! versions prior to 4.2.4.
=====================================================================

https://developer.joomla.org/security-centre/885-20221001-core-disclosure-of-critical-information-in-debug-mode.html
https://developer.joomla.org/security-centre/886-20221002-core-reflected-xss-in-various-components.html
_____________________________________________________________________

[20221001] - Core - Disclosure of critical information in debug mode

Project: Joomla!
SubProject: CMS
Impact: Critical
Severity: Low
Probability: Low
Versions: 4.0.0-4.2.3
Exploit type: Information Disclosure
Reported Date: 2022-10-13
Fixed Date: 2022-10-25
CVE Number: CVE-2022-27912

Description
Joomla 4 sites with publicly enabled debug mode exposed data of previous requests.

Affected Installs
Joomla! CMS versions 4.0.0-4.2.3

Solution
Upgrade to version 4.2.4

Contact
The JSST at the Joomla! Security Centre.

Reported By: Peter Martin
_____________________________________________________________________

[20221002] - Core - RXSS through reflection of user input in headings

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 4.0.0-4.2.3
Exploit type: Reflected XSS
Reported Date: 2022-10-07
Fixed Date: 2022-10-25
CVE Number: CVE-2022-27913

Description
Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.

Affected Installs
Joomla! CMS versions 4.0.0-4.2.3

Solution
Upgrade to version 4.2.4

Contact
The JSST at the Joomla! Security Centre.

Reported By: Ajith Menon

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: cert@support.renater.fr  +
=========================================================
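The first advisory above only bites sites that left debug mode switched on publicly. The following audit script is an added example, not part of the CERT-Renater note nor Joomla's own tooling: it reads a Joomla configuration.php and reports whether `$debug` is enabled, so an administrator can confirm the condition is absent while the 4.2.4 upgrade is scheduled. It assumes the usual layout of configuration.php (a JConfig class with `public $debug = ...;`) and uses constructed sample fragments rather than a real site's file.

```python
import re
from typing import Optional

# Assumption: Joomla keeps site settings as public properties of a JConfig
# class in configuration.php, e.g. `public $debug = false;`. Verify against
# your own install before relying on this check.
_DEBUG_RE = re.compile(
    r"""public\s+\$debug\s*=\s*(?P<value>true|false|'[01]'|"[01]"|[01])\s*;""",
    re.IGNORECASE,
)


def debug_mode_enabled(config_text: str) -> Optional[bool]:
    """Return True if $debug is on, False if off, None if the setting is absent."""
    m = _DEBUG_RE.search(config_text)
    if m is None:
        return None
    value = m.group("value").strip("'\"").lower()
    return value in ("true", "1")


def audit_config(config_text: str) -> str:
    """Produce a one-line finding for the given configuration.php contents."""
    state = debug_mode_enabled(config_text)
    if state is None:
        return "UNKNOWN: no $debug setting found in configuration.php"
    if state:
        return ("FINDING: debug mode is enabled; disable it on any site reachable "
                "by untrusted users and upgrade to Joomla 4.2.4 (CVE-2022-27912)")
    return "OK: debug mode is disabled"


# Constructed sample configuration.php fragments (not taken from a real site).
SAFE_CONFIG = """<?php
class JConfig {
    public $sitename = 'Example';
    public $debug = false;
    public $error_reporting = 'none';
}
"""

RISKY_CONFIG = """<?php
class JConfig {
    public $sitename = 'Example';
    public $debug = '1';
    public $error_reporting = 'maximum';
}
"""

if __name__ == "__main__":
    # On a live host you would read the real file, e.g.
    # open('/path/to/joomla/configuration.php').read()  (path is a placeholder)
    print(audit_config(SAFE_CONFIG))
    print(audit_config(RISKY_CONFIG))
```

The regex accepts the boolean and the quoted/unquoted `0`/`1` forms that may appear after editing through the administrator UI or by hand; anything else yields UNKNOWN rather than a false "OK", so a malformed file is surfaced instead of silently passing.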