Zero-Day Advisory
Fortinet Discovers Joomla! Specific HTML Attribute Cross-Site Scripting Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a Cross-Site Scripting (XSS) vulnerability in Joomla!.
Joomla! is one of the world's most popular content management systems (CMS). It enables users to build Web sites and powerful online applications. More than 3 percent of Web sites run Joomla!, and it accounts for more than 9 percent of the CMS market share.
An XSS vulnerability has been discovered in Joomla! 3.6.5 and earlier versions. It is caused by inadequate filtering of specific HTML attributes, which leads to XSS vulnerabilities in various components.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability: Joomla!.Core.Article.Post.Colon.Char.XSS
Released Feb 27, 2017
FortiWeb has protected against this specific vulnerability since signature package 0.00178.
Users should apply the solution provided by Joomla!.
Additional Information
Fortinet reported the vulnerability to Joomla! on Feb. 22, 2017.
Joomla! confirmed the vulnerability on Feb. 24, 2017.
Joomla! patched the vulnerability on Apr. 25, 2017.