Joomla Fixes 2 Vulnerabilities with 3.7.4
The Joomla team has released Joomla 3.7.4, which contains two important security updates. We’re including details on them below. If you have not already updated to Joomla 3.7.4, we recommend you do so as soon as possible.
If you would like to ensure that you are not using an insecure version of Joomla, you can visit Gravityscan.com now and start a scan. We recently added detection for these two new vulnerabilities. Gravityscan will run a full malware and vulnerability scan on your website and will let you know if you have either of these vulnerabilities and many more.
With the release of 3.7.4, the Joomla team fixed the following two vulnerabilities:
- The Joomla installer application lacked a process to verify the user’s ownership of a webspace, potentially allowing users to gain control. This vulnerability has a ‘High’ severity and affects versions 1.0.0 to 3.7.3 of Joomla. It was reported in April of this year and has the identifier CVE-2017-11364.
- Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. This Joomla vulnerability affects versions 1.5.0 to 3.7.3 and has a ‘Low’ severity. It was reported in April of this year and has the identifier CVE-2017-11612.
Both of these vulnerabilities are fixed in Joomla 3.7.4. We recommend that you upgrade at your earliest convenience. You can find the full announcement from the Joomla team on this page.
The Gravityscan Team.