Gravityscan Blog

Updates on website security and what's going on in our universe.

Joomla Fixes 2 Vulnerabilities with 3.7.4

This entry was posted in Joomla on Jul 25, 2017 by mark.

The Joomla team has released Joomla 3.7.4, which contains two important security updates. We’re including details on them below. If you have not already updated to Joomla 3.7.4, we recommend you do so as soon as possible.

If you would like to ensure that you are not using an insecure version of Joomla, you can visit now and start a scan. We recently added detection for these two new vulnerabilities. Gravityscan will run a full malware and vulnerability scan on your website and will let you know if you have either of these vulnerabilities and many more.

With the release of 3.7.4, the Joomla team fixed the following two vulnerabilities:

  • The Joomla installer application lacked a process to verify the user’s ownership of a webspace, potentially allowing users to gain control. This vulnerability has a ‘High’ severity and affects versions 1.0.0 to 3.7.3 of Joomla. It was reported in April of this year and has the identifier CVE-2017-11364.
  • Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. This Joomla vulnerability affects versions 1.5.0 to 3.7.3 and has a ‘Low’ severity. It was reported in April of this year and has the identifier CVE-2017-11612.

Both of these vulnerabilities are fixed in Joomla 3.7.4. We recommend that you upgrade at your earliest convenience. You can find the full announcement from the Joomla team on this page.
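As an added example (not from the original post or the Joomla project), the following Python script walks a directory of hosted sites and flags each Joomla install whose version falls inside the affected ranges listed above. It assumes the core version is recorded in `administrator/manifests/files/joomla.xml`; installs without that file are not detected, and any pre-release suffix on the version is ignored.

```python
import os
import re

# Affected ranges exactly as stated in the post: (CVE, severity, first, last).
ADVISORIES = [
    ("CVE-2017-11364", "High", (1, 0, 0), (3, 7, 3)),
    ("CVE-2017-11612", "Low", (1, 5, 0), (3, 7, 3)),
]
# Assumption: the install keeps its core manifest at this path (Joomla 2.5/3.x).
MANIFEST = os.path.join("administrator", "manifests", "files", "joomla.xml")
VERSION_RE = re.compile(r"<version>\s*(\d+)\.(\d+)(?:\.(\d+))?")


def read_joomla_version(site_root):
    """Return the core version as a tuple such as (3, 7, 3), or None."""
    try:
        # Read a bounded prefix and use a regex, so a tampered manifest cannot
        # make the auditor expand XML entities or load a huge file.
        with open(os.path.join(site_root, MANIFEST), encoding="utf-8",
                  errors="replace") as fh:
            match = VERSION_RE.search(fh.read(65536))
    except OSError:
        return None
    if not match:
        return None
    return tuple(int(part or 0) for part in match.groups())


def affected_by(version):
    """List (CVE, severity) pairs whose stated range contains version."""
    return [(cve, sev) for cve, sev, lo, hi in ADVISORIES if lo <= version <= hi]


def audit(base_dir):
    """Map each Joomla root under base_dir to its findings (None = unreadable)."""
    report = {}
    for dirpath, dirnames, _files in os.walk(base_dir):
        if os.path.isfile(os.path.join(dirpath, MANIFEST)):
            version = read_joomla_version(dirpath)
            report[dirpath] = None if version is None else affected_by(version)
            dirnames[:] = []  # an install's own subfolders need no further walk
    return report


if __name__ == "__main__":
    import sys
    for root, findings in sorted(audit(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(root, "version unreadable" if findings is None else findings or "not affected")
```

Run it with the directory that holds your sites as the only argument; an empty list for a site means its version is outside both ranges.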


The Gravityscan Team.
