Introduction

The Kunena team is proud to announce the arrival of Kunena 5.1.10 [K5.1.10], which is now available for download as a native Joomla extension for Joomla 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and during the development stages of K 5.1.10. This update fixes 1 security issue.

We have released K5.1.10 because of 1 Medium security issue.

The key distinctions of K 5.1.10 are:

  • 1 Security fix - Medium
  • Disable Joomla Login also disables the complete dropdown when you are logged in.
  • Improve install checks
  • Global Mods should have access to the tab Subscriptions in user profiles
  • Validation error - duplicate ids
  • When creating a topic or answer, the lightbox is not loaded
  • Fix invalid HTML in Twitter widget
  • Fix some HTML closing tags
  • Crypsis b3 | Toggle button: It shows the description instead of the symbol
  • Crypsis b3 | Rendering Error in layout Widget/Social
  • Fix Instagram autoembed
  • Backend: no action when clicking on the Moderator icon
  • not validate api key
  • RSS Feed | Ex- and Include categories affects the entire global feed
  • Update readme and set Joomla 3.9.3 as minimal version
  • Trying to get property 'title' in template/j3/rank/edit.php
  • Update Fancybox and Fontawesome
  • Find the full changes: Here.

Active menu class - Medium vulnerability

[20190227] - Core - XSS Vulnerability

• Project: Kunena
• SubProject: Forum
• Severity: Medium
• Versions: 5.1.0 through 5.1.10
• Exploit type: XSS
• Reported by: Arcus Security GmbH (Stefan Horlacher)
• Reported Date: 2019-02-27
• Fixed Date: 2019-02-27
• Release Date: 2019-03-03

Description:
Overriding the active menu item leads to an XSS vulnerability.

Affected Installs

Kunena versions 5.1.0 through 5.1.10

Solution

Upgrade to version 5.1.10


Download

K 5.1.10 is available for download on the download page.