Joomla! patches XSS vulnerabilities

Joomla! recently patched two cross-site scripting vulnerabilities that, if left unpatched, could give a malicious actor elevated permissions, possibly allowing the targeted site to be taken over.

Fortinet said it had reported the issues to Joomla! earlier this year and the content management system provider patched them last week. The issues are tracked as CVE-2017-7985 and CVE-2017-7986 and affect Joomla! versions 1.5.0 through 3.6.5.

The issue was caused by Joomla! failing to sanitize dangerous code such as "javascript:alert()" and "background:url()" when the attacker used a tool such as Burp Suite to simply sidestep Joomla!'s built-in defense.
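Because a request can be altered with a proxy before it reaches the server, filtering has to run server-side on the content as received, and an allow-list is more robust than enumerating dangerous strings. The following sketch is an added example, not Joomla! or Fortinet code; the function names, the allowed schemes and the style policy are assumptions chosen for illustration.

```python
# Added illustration: names and policy below are assumptions, not Joomla! code.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"", "http", "https", "mailto"}  # "" means a relative URL
URL_ATTRS = {"href", "src", "action", "formaction"}
# Hypothetical style policy: a few properties with plain word/colour values.
SAFE_DECL = re.compile(r"^\s*(color|text-align|font-weight)\s*:\s*[#\w\s-]+$", re.I)

def url_is_safe(value):
    # Remove whitespace and control characters before reading the scheme,
    # so a split or padded scheme name is judged the way a browser sees it.
    cleaned = re.sub(r"[\x00-\x20]+", "", value or "")
    try:
        return urlsplit(cleaned).scheme.lower() in ALLOWED_SCHEMES
    except ValueError:
        return False

def style_is_safe(value):
    # Every declaration must match the allow-list; url(...) never does.
    decls = [d for d in (value or "").split(";") if d.strip()]
    return all(SAFE_DECL.match(d) for d in decls)

class AttributeAuditor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Attribute values arrive with character references already decoded.
        for name, value in attrs:
            if name in URL_ATTRS and not url_is_safe(value):
                self.findings.append((tag, name, "URL scheme not allowed"))
            elif name == "style" and not style_is_safe(value):
                self.findings.append((tag, name, "style outside allow-list"))

def audit_html(submitted):
    auditor = AttributeAuditor()
    auditor.feed(submitted)
    auditor.close()
    return auditor.findings

# Constructed sample submission using the two strings quoted in the article.
SAMPLE = ('<p style="color: red">ok</p><a href="javascript:alert()">x</a>'
          '<div style="background:url()">y</div><a href="/index.php">home</a>')

if __name__ == "__main__":
    print(audit_html(SAMPLE))
```

A submission with any finding should be rejected or have the offending attribute dropped before it is stored.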

Fortinet encouraged Joomla! users, of whom there are 78 million worldwide, to immediately update their software.