Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CERTFR-2024-AVI-0701

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Joomla!. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Joomla!	N/A	Joomla! versions 3.x-elts antérieures à 3.10.17-elts
Joomla!	N/A	Joomla! versions 4.x antérieures à 4.4.7
Joomla!	N/A	Joomla! versions 5.x antérieures à 5.1.3

References

Title

Publication Time

Tags

Bulletin de sécurité Joomla! 944-20240803	2024-08-20	vendor-advisory
Bulletin de sécurité Joomla! 946-20240805	2024-08-20	vendor-advisory
Bulletin de sécurité Joomla! 945-20240804	2024-08-20	vendor-advisory
Bulletin de sécurité Joomla! 941-20240801	2024-08-20	vendor-advisory
Bulletin de sécurité Joomla! 942-20240802	2024-08-20	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Joomla! versions 3.x-elts ant\u00e9rieures \u00e0 3.10.17-elts",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Joomla!",
          "scada": false
        }
      }
    },
    {
      "description": "Joomla! versions 4.x ant\u00e9rieures \u00e0 4.4.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Joomla!",
          "scada": false
        }
      }
    },
    {
      "description": "Joomla! versions 5.x ant\u00e9rieures \u00e0 5.1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Joomla!",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-40743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40743"
    },
    {
      "name": "CVE-2024-27187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27187"
    },
    {
      "name": "CVE-2024-27185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27185"
    },
    {
      "name": "CVE-2024-27186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27186"
    },
    {
      "name": "CVE-2024-27184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27184"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0701",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Joomla!. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Joomla!",
  "vendor_advisories": [
    {
      "published_at": "2024-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 944-20240803",
      "url": "https://developer.joomla.org/security-centre/944-20240803-core-xss-in-html-mail-templates.html"
    },
    {
      "published_at": "2024-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 946-20240805",
      "url": "https://developer.joomla.org/security-centre/946-20240805-core-xss-vectors-in-outputfilter-strip-methods.html"
    },
    {
      "published_at": "2024-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 945-20240804",
      "url": "https://developer.joomla.org/security-centre/945-20240804-core-improper-acl-for-backend-profile-view.html"
    },
    {
      "published_at": "2024-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 941-20240801",
      "url": "https://developer.joomla.org/security-centre/941-20240801-core-inadequate-validation-of-internal-urls.html"
    },
    {
      "published_at": "2024-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 942-20240802",
      "url": "https://developer.joomla.org/security-centre/942-20240802-core-cache-poisoning-in-pagination.html"
    }
  ]
}

CERTFR-2024-AVI-0562

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Joomla!. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Joomla!	N/A	CMS versions 3.x antérieures à 3.10.16-elts
Joomla!	N/A	CMS versions 5.x antérieures à 5.1.2
Joomla!	N/A	CMS versions 4.x antérieures à 4.4.6

References

Title

Publication Time

Tags

Bulletin de sécurité Joomla! 935-20240701	2024-07-09	vendor-advisory
Bulletin de sécurité Joomla! 936-20240702	2024-07-09	vendor-advisory
Bulletin de sécurité Joomla! 939-20240705	2024-07-09	vendor-advisory
Bulletin de sécurité Joomla! 937-20240703	2024-07-09	vendor-advisory
Bulletin de sécurité Joomla! 938-20240704	2024-07-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CMS versions 3.x ant\u00e9rieures \u00e0  3.10.16-elts",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Joomla!",
          "scada": false
        }
      }
    },
    {
      "description": "CMS versions 5.x ant\u00e9rieures \u00e0 5.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Joomla!",
          "scada": false
        }
      }
    },
    {
      "description": "CMS versions 4.x ant\u00e9rieures \u00e0 4.4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Joomla!",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-26278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26278"
    },
    {
      "name": "CVE-2024-21729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21729"
    },
    {
      "name": "CVE-2024-21730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21730"
    },
    {
      "name": "CVE-2024-21731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21731"
    },
    {
      "name": "CVE-2024-26279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26279"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0562",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Joomla!. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Joomla!",
  "vendor_advisories": [
    {
      "published_at": "2024-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 935-20240701",
      "url": "https://developer.joomla.org/security-centre/935-20240701-core-xss-in-accessible-media-selection-field.html"
    },
    {
      "published_at": "2024-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 936-20240702",
      "url": "https://developer.joomla.org/security-centre/936-20240702-core-self-xss-in-fancyselect-list-field-layout.html"
    },
    {
      "published_at": "2024-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 939-20240705",
      "url": "https://developer.joomla.org/security-centre/939-20240705-core-xss-in-com-fields-default-field-value.html"
    },
    {
      "published_at": "2024-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 937-20240703",
      "url": "https://developer.joomla.org/security-centre/937-20240703-core-xss-in-stringhelper-truncate-method.html"
    },
    {
      "published_at": "2024-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Joomla! 938-20240704",
      "url": "https://developer.joomla.org/security-centre/938-20240704-core-xss-in-wrapper-extensions.html"
    }
  ]
}

Search criteria

2 vulnerabilities found for N/A by Joomla!

CERTFR-2024-AVI-0701

Solutions

CERTFR-2024-AVI-0562

Solutions