Allele Security Alert
ASA-2019-00080
Identifier(s)
ASA-2019-00080, CVE-2019-7740
Title
XSS Issue in core.js writeDynaList
Vendor(s)
Open Source Matters, Inc
Product(s)
Joomla
Affected version(s)
Joomla 2.5.0 through 3.9.2
Fixed version(s)
Joomla 3.9.3
Proof of concept
Unknown
Description
Inadequate parameter handling in JS code could lead to an XSS attack vector.
Technical details
Unknown
Credits
Dimitris Grammatikogiannis
Reference(s)
Security Announcements
https://developer.joomla.org/security-centre.html
CVE-2019-7740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7740
CVE-2019-7740
https://nvd.nist.gov/vuln/detail/CVE-2019-7740
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 13, 2019