Alert GCSA-26117 - Aggiornamento di sicurezza per Joomla!
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ****************************************************************** alert ID: GCSA-26117 data: 08 luglio 2026 titolo: Aggiornamento di sicurezza per Joomla! ****************************************************************** :: Descrizione del problema Sono state rilasciate nuova versioni del CMS Joomla! con le quali vengono corrette varie vulnerabilita' di sicurezza. [20260701] - Core - Incorrect Access Control in com_media webservice endpoints [20260702] - Core - Incorrect Access Control in com_contact vcf download [20260703] - Core - XSS in MFA method management [20260704] - Core - XSS in com_templates [20260705] - Core - XSS in various modalreturn layouts [20260706] - Core - XSS in com_installer [20260707] - Core - XSS in the generic image output layout [20260708] - Core - XSS through language overrides [20260709] - Core - Incorrect Access Control in com_workflow [20260710] - Core - Incorrect Access Control in com_modules [20260711] - Core - Incorrect Access Control in com_privacy webservice endpoints [20260712] - Core - Incorrect Access Control in com_fields webservice endpoints Maggiori dettagli sono disponibili alla sezione "Riferimenti". :: Software interessato Joomla! versioni dalla 3.0.0 alla 5.4.6 Joomla! versioni dalla 6.0.0 alla 6.1.1 :: Impatto Bypass delle funzionalita' di sicurezza (SFB) Acquisizione di privilegi piu' elevati (EoP) Cross-Site Scripting (XSS) :: Soluzioni Aggiornare alle versioni piu' recenti (5.4.7, 6.1.2) https://downloads.joomla.org/ https://downloads.joomla.org/latest https://downloads.joomla.org/cms/joomla5/5-4-7 https://downloads.joomla.org/cms/joomla6/ :: Riferimenti Joomla! Release News https://www.joomla.org/announcements/release-news/5955-joomla-6-1-2-5-4-7-security-bugfix-release.html Joomla! Security Announcements https://developer.joomla.org/security-centre/ Mitre CVE https://www.cve.org/CVERecord?id=CVE-2026-48947 https://www.cve.org/CVERecord?id=CVE-2026-48948 https://www.cve.org/CVERecord?id=CVE-2026-48949 https://www.cve.org/CVERecord?id=CVE-2026-48950 https://www.cve.org/CVERecord?id=CVE-2026-48951 https://www.cve.org/CVERecord?id=CVE-2026-48952 https://www.cve.org/CVERecord?id=CVE-2026-48953 https://www.cve.org/CVERecord?id=CVE-2026-48954 https://www.cve.org/CVERecord?id=CVE-2026-48955 https://www.cve.org/CVERecord?id=CVE-2026-48956 https://www.cve.org/CVERecord?id=CVE-2026-48957 https://www.cve.org/CVERecord?id=CVE-2026-48958 GARR CERT Security Alert - subscribe/unsubscribe: http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert -----BEGIN PGP SIGNATURE----- iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCak4KzgAKCRDBnEyTZRJg QvViAKCGQe75Mm2ZDoRPSHpZL0DfitcODwCfc8Qnki50J+PcpS370BRdSdSmGjQ= =pn2A -----END PGP SIGNATURE-----