[20190203] - Core - Additional warning in the Global Configuration textfilter settings

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity:Low
  • Versions: 2.5.0 through 3.9.2
  • Exploit type: XSS
  • Reported Date: 2019-January-17
  • Fixed Date: 2019-February-12
  • CVE Number:CVE-2019-7739

Description

"No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected

for the user. An additional message is now shown in the configuration dialog.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.2

Solution

Upgrade to version 3.9.3

Contact

The JSST at the Joomla! Security Centre.

Reported By: Raviraj Powar