Alert GCSA-24095 - Security update for Joomla!
******************************************************************
Alert ID: GCSA-24095
date: 12 July 2024
title: Security update for Joomla!
******************************************************************
:: Problem description
A new version of the Joomla! CMS has been released
that fixes several security vulnerabilities.
[20240701] - Core - XSS in accessible media selection field
[20240702] - Core - Self-XSS in fancyselect list field layout
[20240703] - Core - XSS in StringHelper::truncate method
[20240704] - Core - XSS in Wrapper extensions
[20240705] - Core - XSS in com_fields default field value
More details are available in the "References" section.
:: Affected software
Joomla! versions prior to 3.10.16-elts
Joomla! versions prior to 4.4.6
Joomla! versions prior to 5.1.2
:: Impact
Cross-Site Scripting (XSS)
:: Solutions
Update to the latest versions
https://downloads.joomla.org/
https://downloads.joomla.org/latest
Joomla! update instructions
https://docs.joomla.org/Portal:Upgrading_Versions/it
:: References
Joomla! Release News
https://www.joomla.org/announcements/release-news/5909-joomla-5-1-2-and-joomla-4-4-6-security-and-bug-fix-release.html
Joomla! Security Announcements
https://developer.joomla.org/security-centre.html
https://developer.joomla.org/security-centre/935-20240701
https://developer.joomla.org/security-centre/936-20240702
https://developer.joomla.org/security-centre/937-20240703
https://developer.joomla.org/security-centre/938-20240704
https://developer.joomla.org/security-centre/939-20240705
Mitre CVE
https://www.cve.org/CVERecord?id=CVE-2024-21729
https://www.cve.org/CVERecord?id=CVE-2024-21730
https://www.cve.org/CVERecord?id=CVE-2024-21731
https://www.cve.org/CVERecord?id=CVE-2024-26278
https://www.cve.org/CVERecord?id=CVE-2024-26279
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert