Allele Security Alert
ASA-2019-00133
Identifier(s)
ASA-2019-00133, CVE-2019-9712
Title
Cross-Site Scripting (XSS) in com_config JSON handler
Vendor(s)
Open Source Matters, Inc
Product(s)
Joomla! CMS
Affected version(s)
Joomla! CMS versions 3.2.0 through 3.9.3
Fixed version(s)
Joomla! CMS version 3.9.4
Proof of concept
Unknown
Description
The JSON handler in com_config lacks input validation, leading to a Cross-Site Scripting (XSS) vulnerability.
Technical details
Unknown
Credits
Mario Korth (Hackmanit)
Reference(s)
Security Announcements
https://developer.joomla.org/security-centre/
[20190301] – Core – XSS in com_config JSON handler
https://developer.joomla.org/security-centre/772-20190301-core-xss-in-com-config-json-handler.html
CVE-2019-9712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9712
CVE-2019-9712
https://nvd.nist.gov/vuln/detail/CVE-2019-9712
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: March 14, 2019