NMP WEB DESIGN

SEARCH ENGINE PLACEMENT EXPERTS

Security Announcements

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Probability: Low
    • Versions:4.0.0-4.2.4
    • Exploit type: Reflexted XSS
    • Reported Date: 2022-10-28
    • Fixed Date: 2022-11-08
    • CVE Number: CVE-2022-27914

    Description

    Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media..

    Affected Installs

    Joomla! CMS versions 4.0.0-4.2.4

    Solution

    Upgrade to version 4.2.5

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:https://github.com/Denitz
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Probability: Low
    • Versions:4.0.0-4.2.6
    • Exploit type: CSRF
    • Reported Date: 2022-12-24
    • Fixed Date: 2023-01-31
    • CVE Number: CVE-2023-23750

    Description

    A missing token check causes a CSRF vulnerability in the handling of post-installation messages.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.2.6

    Solution

    Upgrade to version 4.2.7

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Faizan Wani
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Probability: Low
    • Versions:4.0.0-4.2.6
    • Exploit type: Incorrect Access Control
    • Reported Date: 2023-01-01
    • Fixed Date: 2023-01-31
    • CVE Number: CVE-2023-23751

    Description

    A missing ACL check allows non super-admin users to access com_actionlogs.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.2.6

    Solution

    Upgrade to version 4.2.7

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Faizan Wani
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Probability: Low
    • Versions:4.0.0-4.2.3
    • Exploit type: Reflexted XSS
    • Reported Date: 2022-10-07
    • Fixed Date: 2022-10-25
    • CVE Number: CVE-2022-27913

    Description

    Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.2.3

    Solution

    Upgrade to version 4.2.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Ajith Menon
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Critical
    • Severity: Low
    • Probability: Low
    • Versions:4.0.0-4.2.3
    • Exploit type: Information Disclosure
    • Reported Date: 2022-10-13
    • Fixed Date: 2022-10-25
    • CVE Number: CVE-2022-27912

    Description

    Joomla 4 sites with publicly enabled debug mode exposed data of previous requests.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.2.3

    Solution

    Upgrade to version 4.2.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Peter Martin

TESTIMONIES

"Being a designer I already knew what I wanted my site to look like, the last company I worked with did not listen to me and I was unhappy with the results. Net Magik Pros Web Design was able to use elements that I liked with things I felt were lacking-leaving me with a fantastic site that projects the image I was looking for my company. The site is clean and organized, but also fun! I will refer Net Magik Pros Web Design to anyone looking for a website. I can trust that they will listen to their needs and give them exactly what they want. That is worth its weight in gold! "
Brandy