The essential news about content management systems and mobile technology.
Powered by Joocial, XT Search for Algolia, and SlimApps.

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Moderate
  • Versions: 3.0.0 through 3.9.4
  • Exploit type: XSS
  • Reported Date: 2019-March-25
  • Fixed Date: 2019-April-09
  • CVE Number: TBA


The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.9.4


Upgrade to version 3.9.5


The JSST at the Joomla! Security Centre....

Reported By: Michał Gołębiowski-Owczarek, David Jardin (JSST)

Read more