Joomla! mod_banners script vulnerable up to version 3.9.1

A vulnerability was found in Joomla! that affects all versions from 2.5.0 to 3.9.1. The affected code is part of the mod_banners component. Manipulation of an unknown input leads to a cross-site scripting vulnerability.

The issue is classified as CWE-80. It impacts integrity: an attacker might be able to inject arbitrary HTML and script code into the web site. This would alter the site's appearance and would make it possible to initiate further attacks against site visitors.

CVE-2019-6264

Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

It is highly recommended to update Joomla! to version 3.9.2, which is not affected.

 

Related recent vulnerabilities

CVE-2019-6261

Inadequate escaping in com_contact leads to a stored XSS vulnerability. Affects 2.5.0 through 3.9.1.

 

CVE-2019-6262

Inadequate checks of the Global Configuration helpurl settings allowed a stored XSS. Affects 2.5.0 through 3.9.1.

 

CVE-2019-6263

Inadequate checks of the Global Configuration Text Filter settings allowed a stored XSS. Affects 2.5.0 through 3.9.1.

Joomla Security Center

 
