Stored XSS and SQL Injection in SecurityCheck and SecurityCheck Pro
Vulnerable Versions: 2.8.9 (possibly below)
Resolution: update to version 2.8.10
Using a quick start package may be the quickest way to get a fully set up, add-your-content site, but are you aware of the dangers?
We tested several quick starts from major providers, ranging from template developers to extension developers, who include a ready-to-go version of Joomla.
We found that there were varying degrees of insecurities. None of these packages are plug/play/forget.
After 35 minutes on Friday in the musical roundabout, I spoke to SIA after 28 minutes on hold, who, despite saying they couldn't speak to me as I personally didn't do the online application, admitted that the letter they should have sent me on the 17th May wasn't actually sent.
We just released Komento 2.0.7 to address a security issue where a remote attacker may be able to launch an XSS attack in prior versions of Komento.