Security Patch information from joomla.org. Joomla User Group Chicago North (JUGCN) is not responsible for the content.
Lack of escaping of image-related parameters in multiple com_tags views can lead to XSS attack vectors.
Joomla! CMS versions 3.1.0 - 3.9.23
Upgrade to version 3.9.24
The JSST at the Joomla! Security Centre.
Lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
Joomla! CMS versions 3.9.0 - 3.9.23
Upgrade to version 3.9.24
The JSST at the Joomla! Security Centre.
Lack of ACL checks in the orderPosition endpoint of com_modules leaks names of unpublished and/or inaccessible modules.
Joomla! CMS versions 3.0.0 - 3.9.23
Upgrade to version 3.9.24
The JSST at the Joomla! Security Centre.
Lack of input validation while handling ACL rulesets can cause write ACL violations.
Joomla! CMS versions 1.7.0 - 3.9.22
Upgrade to version 3.9.23
The JSST at the Joomla! Security Centre.
A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
Joomla! CMS versions 3.9.0 - 3.9.22
Upgrade to version 3.9.23
The JSST at the Joomla! Security Centre.