J3.x

Joomla 3.8.4 Notes about the Security Patches/fr

From Joomla! Documentation

This page is a translated version of the page J3.x:Joomla 3.8.4 Notes about the Security Patches and the translation is 31% complete.
Other languages:
Deutsch • ‎English • ‎Nederlands • ‎français

In Joomla 3.8.4, the Joomla Security Strike Team (JSST) started to implement a series of XSS protection patches for the backend that could affect some use cases. All these issues have been found by internal audits done by the JSST.

Quels sont les sites affectés ?

In Joomla 3.8.4, the JSST fixed 2 XSS issues counting in that category:

Versions affectées

Informations générales

Ceci ne concerne que les versions Joomla! : 3.8.4+

Module Chromes (CVE-2018-6380)

This patch is fixing a longstanding issue with the module Chrome where the module_tag parameter in the system and Protostar template lack escaping which could lead to a XSS attack. This issue is fixed in Joomla 3.8.4 but only for the core templates. Please contact your template provider so they can check the corresponding module Chromes.

com_fields (CVE-2018-6377)

This patch fixes a problem where you can enter a XSS code to the Text / Value options in com_fields plugins, like Checkbox, Radio and List. As a side effect of not allowing XSS anymore, the com_fields labels can't be anymore outputted as html.