[20200103] - Core - XSS in com_actionlogs

  • Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity:Low
  • Versions: 3.9.0-3.9.14
  • Exploit type: XSS
  • Reported Date: 2019-December-25
  • Fixed Date: 2020-January-28
  • CVE Number:CVE-2020-xxxxx

Description

Inadequate escaping of usernames allow XSS attacks in com_actionlogs.

Affected Installs

Joomla! CMS versions 3.9.0 - 3.9.14

Solution

Upgrade to

version 3.9.15

Contact

The JSST at the Joomla! Security Centre.

Reported By: Mayank Kumbhar from Techjoomla