The Joomla! Project and Community is excited and proud to announce the immediate availability of Joomla! CMS 3.2.0 Stable. With literally dozens of new features including: Content version control Many user interface improvements Easy multi-lingual setup for 64
See other templatesSee other templates

Search: - For:

Getting Help

There are lots of places you can get help with Joomla!. In many places in your site...

The Joomla! Project

The Joomla Project consists of all of the people who make and support the Joomla Web Platform...

Using Joomla!

With Joomla you can create anything from a simple personal website to a complex ecommerce or social...

 

If this is your first Joomla! site or your first web site, you have come to the right place. Joomla will help you get your website up and running quickly and easily. Start off using your site by logging in using the administrator account you created when you installed Joomla. Explore the articles and other resources right here on your site data to learn more about how Joomla works.
Joomla! 3 continues development of the Joomla Platform and CMS as a powerful and flexible way to bring your vision of the web to reality. With the new administrator interface and adoption of Twitter Bootstrap, the ability to control its look and the management of extensions is now complete. Working with multiple template styles and overrides for the same views, creating the design you want is easier than it has ever been. Limiting support to PHP 5.3.10 and above makes Joomla lighter and faster than ever.

Joomla! Security News

  1. [20190206] - Core - Implement the TYPO3 PHAR stream wrapper

    • Project: Joomla!
    • SubProject: CMS
    • Impact:Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.2
    • Exploit type: Object Injection
    • Reported Date: 2019-January-18
    • Fixed Date: 2019-February-12
    • CVE Number: CVE-2019-7743

    Description

    The phar:// stream wrapper can be used for objection injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the CMS globally by implementing the TYPO3 PHAR stream wrapper.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.2

    Solution

    Upgrade to version 3.9.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:David Jardin (JSST)
  2. [20190205] - Core - XSS Issue in core.js writeDynaList

    • Project: Joomla!
    • SubProject: CMS
    • Impact:Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.2
    • Exploit type: XSS
    • Reported Date: 2018-October-07
    • Fixed Date: 2019-February-12
    • CVE Number: CVE-2019-7740

    Description

    Inadequate parameter handling in JS code could lead to an XSS attack vector.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.2

    Solution

    Upgrade to version 3.9.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Dimitris Grammatikogiannis
  3. [20190204] - Core - Stored XSS issue in the Global Configuration help url #2

    • Project: Joomla!
    • SubProject: CMS
    • Impact:Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.2
    • Exploit type: XSS
    • Reported Date: 2019-January-16
    • Fixed Date: 2019-February-12
    • CVE Number: CVE-2019-7741

    Description

    Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.2

    Solution

    Upgrade to version 3.9.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Antonin Steinhauser
  4. [20190203] - Core - Additional warning in the Global Configuration textfilter settings

    • Project: Joomla!
    • SubProject: CMS
    • Impact:Low
    • Severity: Low
    • Versions: 2.5.0 through 3.9.2
    • Exploit type: XSS
    • Reported Date: 2019-January-17
    • Fixed Date: 2019-February-12
    • CVE Number: CVE-2019-7739

    Description

    "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.9.2

    Solution

    Upgrade to version 3.9.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Raviraj Powar
  5. [20190202] - Core - Browserside mime-type sniffing causes XSS attack vectors

    • Project: Joomla!
    • SubProject: CMS
    • Impact:Low
    • Severity: Low
    • Versions: 1.0.0 through 3.9.2
    • Exploit type: XSS
    • Reported Date: 2018-September-24
    • Fixed Date: 2019-February-12
    • CVE Number: CVE-2019-7742

    Description

    A combination of specific webserver configurations, in connection with specific file types and browserside mime-type sniffing causes a XSS attack vector.

    Affected Installs

    Joomla! CMS versions 1.0.0 through 3.9.2

    Solution

    Upgrade to version 3.9.3

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Hanno Böck

Getting Help

There are lots of places you can get help with Joomla!. In many places in your site...

The Joomla! Project

The Joomla Project consists of all of the people who make and support the Joomla Web Platform...

Using Joomla!

With Joomla you can create anything from a simple personal website to a complex ecommerce or social...

  

If this is your first Joomla! site or your first web site, you have come to the right place. Joomla will help you get your website up and running quickly and easily. Start off using your site by logging in using the administrator account you created when you installed Joomla.

If you are an experienced Joomla! user, this Joomla site will seem very familiar but also very different. The biggest change is the new administrator interface and the adoption of responsive design. Hundreds of other improvements have been made. 

Joomla! 3 continues development of the Joomla Platform and CMS as a powerful and flexible way to bring your vision of the web to reality. With the new administrator interface and adoption of Twitter Bootstrap, the ability to control its look and the management of extensions is now complete.

Go to top
national cpr association