[20190204] - Core - Stored XSS issue in the Global Configuration help url #2

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity:Low
  • Versions: 2.5.0 through 3.9.2
  • Exploit type: XSS
  • Reported Date: 2019-January-16
  • Fixed Date: 2019-February-12
  • CVE Number:CVE-2019-7741

Description

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

Affected Installs

Joomla! CMS versions 2.5.0

through 3.9.2

Solution

Upgrade to version 3.9.3

Contact

The JSST at the Joomla! Security Centre.

Reported By: Antonin Steinhauser