The maintainers of the Joomla! Project released Joomla 5.0.3 and 4.4.3, which address the following vulnerabilities in the popular content management system (CMS):
- [20240201] – CVE-2024-21722 Core – Insufficient session expiration in MFA management views: The MFA management features did not properly terminate existing user sessions when a user’s MFA methods were modified.
- [20240202] – CVE-2024-21723 Core – Open redirect in installation application: Inadequate parsing of URLs could result in an open redirect.
- [20240203] – CVE-2024-21724 Core – XSS in media selection fields: Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions.
- [20240204] – CVE-2024-21725 Core – XSS in mail address outputs: Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components.
- [20240205] – CVE-2024-21726 Core – Inadequate content filtering within the filter code: Inadequate content filtering leads to XSS vulnerabilities in various components.