The phar:// stream wrapper can be used for object injection attacks. We now disallow usage of the phar:// handler for non-.phar files within the CMS globally by implementing the TYPO3 PHAR stream wrapper.
Joomla! CMS versions 2.5.0 through 3.9.2
Upgrade to version 3.9.3
The JSST at the Joomla! Security Centre.
Inadequate parameter handling in JS code could lead to an XSS attack vector.
Joomla! CMS versions 2.5.0 through 3.9.2
Upgrade to version 3.9.3
The JSST at the Joomla! Security Centre.
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
Joomla! CMS versions 2.5.0 through 3.9.2
Upgrade to version 3.9.3
The JSST at the Joomla! Security Centre.
"No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog.
Joomla! CMS versions 2.5.0 through 3.9.2
Upgrade to version 3.9.3
The JSST at the Joomla! Security Centre.
A combination of specific webserver configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.
Joomla! CMS versions 1.0.0 through 3.9.2
Upgrade to version 3.9.3
The JSST at the Joomla! Security Centre.