Check Your Site Now for 3 New Joomla Vulnerabilities
On July 4, less than 48 hours ago, Joomla released version 3.7.3, which is an important security update. The release includes fixes for three vulnerabilities: two cross-site scripting (XSS) vulnerabilities and an information disclosure vulnerability. If you have not yet updated your Joomla website to Joomla 3.7.3, we recommend you do so now.
These vulnerability discoveries come on the heels of a recent major Joomla security update, which was released just a few weeks ago. We covered that release at the time, emphasizing the critical importance of updating your site’s software the instant an update becomes available. As soon as hackers become aware of a widespread vulnerability, they can start using it to attack sites. However, unlike May’s release, Joomla did not announce this update in advance.
We’ve already updated Gravityscan to include detection for these new vulnerabilities. We recommend you visit https://www.gravityscan.com/ and run a scan on all of your Joomla websites to make sure they’re secure. Gravityscan will run a comprehensive scan on your site and alert you to any security problems you may have.
Below we include some additional detail on each of the vulnerabilities that were fixed with release 3.7.3:
This vulnerability allows an attacker to exploit a flaw in the way Joomla handles access control to the cache. The attacker can use this flaw to view sensitive information from forms on the target system. Joomla versions 1.7.3 and higher are affected.