Some important Joomla! Security News for our Webmasters!


[20150908] - Core - XSS Vulnerability


Posted: 08 Sep 2015 07:25 PM PDT


Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.4.0 through 3.4.3
Exploit type: XSS Vulnerability
Reported Date: 2015-August-18
Fixed Date: 2015-September-08
CVE Number: requested


Description


Inadequate escaping leads to XSS vulnerability in login module.
Affected Installs


Joomla! CMS versions 3.4.0 through 3.4.3
Solution


Upgrade to version 3.4.4
Contact


The JSST at the Joomla! Security Center.