Advertisement
Top
image credit: Pixabay

Multiple XSS flaws in Joomla can lead to remote code execution

February 22, 2024

Via: Security Affairs
Category:

The maintainers of the Joomla! Project released Joomla 5.0.3 and 4.4.3 versions that addressed the following vulnerabilities in the popular content management system (CMS):

  • [20240201] –CVE-2024-21722 Core – Insufficient session expiration in MFA management views: The MFA management features did not properly terminate existing user sessions when a user’s MFA methods have been modified
  • [20240202] – CVE-2024-21723 Core – Open redirect in installation application: Inadequate parsing of URLs could result into an open redirect.
  • [20240203] – CVE-2024-21724 Core – XSS in media selection fields: Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions.
  • [20240204] – CVE-2024-21725 Core – XSS in mail address outputs: Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components.
  • [20240205] – CVE-2024-21726 Core – Inadequate content filtering within the filter code: Inadequate content filtering leads to XSS vulnerabilities in various components.

Read More on Security Affairs

RELATED PUBLICATIONS

iPhone Users Are Being Targeted by MFA Bombs, Here’s What We Know
OpenAI’s GPT-4 can exploit real vulnerabilities by reading security advisories
Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector

Latest Publications

Sweden’s liquor supply severely impacted by ransomware attack on logistics company
Autodesk Drive Abused in Phishing Attacks 
Google fixed critical Chrome vulnerability CVE-2024-4058
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!