Introduction

The Kunena team is proud to announce the arrival of Kunena 5.1.7 [K5.1.7] which is now available for download as a native Joomla extension for Joomla 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1.7. This update fixes also 1 security issue.

We have Released K5.1.7 because of a High Security issue.

The key distinctions of K 5.1.7 are:

  • 1 Security fix - High
  • Find the full changes: Here.

Posting Topic - High vulnerability

[20181120] - Core - XSS Vulnerability

• Project: Kunena
• SubProject: Forum
• Severity: HIGH
• Versions: 3.0 through 5.1.7
• Exploit type: XSS
• Reported by: Aleksandar Gligorijevic
• Reported Date: 2018-11-19 22:05
• Fixed Date: 2018-11-20 00:30
• Release Date: 2018-11-20

Description:
Override CSRF token checks lead to an XSS vulnerability..

Affected Installs

Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.7 is not affected)

Solution

Upgrade to version 5.1.7

Contact

This email address is being protected from spambots. You need JavaScript enabled to view it..


Download

K 5.1.7 is available for download on the download page.

Log in to comment