Joomla! mod_banners script vulnerable up to version 3.9.1

A vulnerability was found in Joomla! that affects all versions from 2.5.0 to 3.9.1. The affected code is part of the mod_banners component. Manipulating an unknown input leads to a cross-site scripting vulnerability.

The issue is classified as CWE-80 and has an impact on integrity. An attacker might be able to inject arbitrary HTML and script code into the website. This would alter the site's appearance and make it possible to initiate further attacks against site visitors.

CVE-2019-6264

Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

It is highly recommended to update Joomla to version 3.9.2, which is not affected.

Related recent vulnerabilities

CVE-2019-6261

Inadequate escaping in com_contact leads to a stored XSS vulnerability. Affects versions 2.5.0 through 3.9.1.

CVE-2019-6262

Inadequate checks of the Global Configuration helpurl settings allowed a stored XSS. Affects versions 2.5.0 through 3.9.1.

CVE-2019-6263

Inadequate checks of the Global Configuration Text Filter settings allowed a stored XSS. Affects versions 2.5.0 through 3.9.1.
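
To find installations that still need the 3.9.2 update, the following added example (not part of the original advisory or of Joomla itself) reads the core version from each site's files manifest and checks it against the 2.5.0 through 3.9.1 range stated above for all four CVEs. It assumes the manifest is the `administrator/manifests/files/joomla.xml` file shipped with Joomla; the site names and manifest contents are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

# Affected range and CVE ids as stated on this page.
FIRST_AFFECTED = (2, 5, 0)
LAST_AFFECTED = (3, 9, 1)
CVES = ("CVE-2019-6261", "CVE-2019-6262", "CVE-2019-6263", "CVE-2019-6264")

def parse_version(text):
    """Return (major, minor, patch) as integers.

    Comparing integers matters: as plain strings "3.10.12" sorts before
    "3.9.1" and would be reported as affected.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def manifest_version(xml_text):
    """Extract the <version> value from a Joomla files manifest.

    Only feed this manifests copied from hosts you administer; ElementTree
    is not hardened against hostile XML.
    """
    node = ET.fromstring(xml_text).find("version")
    if node is None or not (node.text or "").strip():
        raise ValueError("manifest has no <version> element")
    return node.text.strip()

def is_affected(version_text):
    return FIRST_AFFECTED <= parse_version(version_text) <= LAST_AFFECTED

def triage(inventory):
    """Map site name -> (version, applicable CVEs) for {name: manifest_xml}."""
    report = {}
    for site, xml_text in inventory.items():
        version = manifest_version(xml_text)
        report[site] = (version, CVES if is_affected(version) else ())
    return report

def sample_manifest(version):
    # Constructed stand-in for administrator/manifests/files/joomla.xml
    return (f'<extension type="file"><name>files_joomla</name>'
            f"<version>{version}</version></extension>")

SAMPLE = {name: sample_manifest(v) for name, v in
          [("intranet", "3.9.1"), ("shop", "3.9.2"),
           ("legacy", "2.5.28"), ("blog", "3.10.12")]}

if __name__ == "__main__":
    for site, (version, cves) in triage(SAMPLE).items():
        print(f"{site:10} {version:8} {'UPDATE: ' + ', '.join(cves) if cves else 'ok'}")
```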

Joomla Security Center