Allele Security Alert
ASA-2019-00134
Identifier(s)
ASA-2019-00134, CVE-2019-9711
Title
Cross-Site Scripting (XSS) in item_title layout
Vendor(s)
Open Source Matters, Inc
Product(s)
Joomla! CMS
Affected version(s)
Joomla! CMS versions 3.2.0 through 3.9.3
Fixed version(s)
Joomla! CMS version 3.9.4
Proof of concept
Unknown
Description
The item_title layout in edit views lacks escaping, leading to a Cross-Site Scripting XSS vulnerability.
Technical details
Unknown
Credits
Fouad Maakor
Reference(s)
Security Announcements
https://developer.joomla.org/security-centre/
[20190302] – Core – XSS in item_title layout
https://developer.joomla.org/security-centre/773-20190302-core-xss-in-item-title-layout.html
CVE-2019-9711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9711
CVE-2019-9711
https://nvd.nist.gov/vuln/detail/CVE-2019-9711
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: March 14, 2019