15 matches found
OPENSUSE-SU-2025:15290-1 python39-3.9.23-3.1 on GA media
These are all security issues fixed in the python39-3.9.23-3.1 package on the GA media of openSUSE Tumbleweed...
Fedora 41 : python3.9 (2025-cebde6a6e3)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-cebde6a6e3 advisory. Update to 3.9.23. - gh-135034: CVE 2024-12718 CVE 2025-4138 CVE 2025-4330 CVE 2025-4435 CVE 2025-4517 Fixes multiple issues that allowed tarfile extraction...
Moodle < 3.9.23 JQuery UI Library Upgrade
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23 or 3.11.x prior to 3.11.16. The JQuery UI library included with Moodle has been upgraded to version 1.13.2, which includes fixes for multiple security issues. Note that the scanner has not...
BIT-JOOMLA-2021-23124 [20210102] - Core - XSS in mod_breadcrumbs aria-label attribute
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks...
Joomla! cross-site scripting vulnerability (CNVD-2021-03991)
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in Joomla! 3.1.0-3.9.23. The...
CVE-2021-23124
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks...
CVE-2021-23124
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks...
Design/Logic Flaw
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leaks names of unpublished and/or inaccessible modules...
CVE-2021-23125
Joomla! 3.1.0 through 3.9.23 is affected by CVE-2021-23125 due to lack of escaping of image-related parameters in com_tags views, enabling cross-site scripting (XSS). The root cause is improper escaping in image parameter handling within com_tags, leading to XSS vectors as described in multiple C...
PT-2021-15379 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.9.0 through 3.9.23 Description: The issue is related to a lack of escaping in the aria-label attribute of the mod breadcrumbs module, which allows XSS attacks. Recommendations: For Joomla! versions 3.9.0 through 3.9.23,...
Open Source Matters Joomla Security Vulnerability
Joomla is an open source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. A security vulnerability exists in Joomla 3.0.0 through 3.9.23, which stems from the program not performing data checks properly and can be exploited by...
PT-2021-15378 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.23 Description: The issue is related to the lack of ACL checks in the "orderPosition endpoint" of com modules, which can leak names of unpublished and/or inaccessible modules. Recommendations: For Joomla!...
PT-2021-15380 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.1.0 through 3.9.23 Description: The issue is related to the lack of escaping of image-related parameters in multiple com tags views, which can lead to XSS attack vectors. Recommendations: For Joomla! versions 3.1.0 through...
WordPress 3.9.x < 3.9.23 MediaElement.js Flash Fallback XSS
According to its self-reported version number, the detected WordPress application is affected by a cross-site scripting vulnerability in the Flash fallback files in MediaElement under wp-includes/js/mediaelement. Note that the scanner has not tested for these issues but has instead relied only on...
Red Hat openshift-ansible SSL Client Certificate Authentication Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications. openshift-ansible is one of the tools for installing, upgrading, and managing OpenShift. A security vulnerability exists in Red Hat openshift-ansible...