DoD-Cyber-Security-Blogs Joomla

Joomla fixes XSS vulnerabilities that could make RCE attacks possible on websites.

The Joomla content management system has five vulnerabilities that could be used to execute arbitrary code on vulnerable websites.

Versions 5.0.3 and 4.4.3 of the CMS contain the fixes; the vendor has addressed security problems that affect a range of earlier Joomla versions.

  • CVE-2024-21722: Existing user sessions are not properly terminated when a user's MFA methods have been changed.
  • CVE-2024-21723: Insufficient URL parsing may cause an open redirect.
  • CVE-2024-21724: Inadequate input validation for media selection fields causes cross-site scripting (XSS) vulnerabilities in various extensions.
  • CVE-2024-21725: Insufficient escaping of mail addresses causes XSS vulnerabilities in a number of components.
  • CVE-2024-21726: Insufficient content filtering within the filter code causes multiple XSS vulnerabilities.

According to Joomla’s advisory, the vulnerability with the highest severity risk and highest likelihood of exploitation is CVE-2024-21725.

Risk of remote code execution

Another problem in Joomla's core filter component is an XSS tracked as CVE-2024-21726. Although it is rated as low severity with a low likelihood of exploitation, Stefan Schiller of code inspection tools provider Sonar warns that it may be usable to achieve remote code execution.

Hackers can take advantage of the vulnerability to trick an administrator into clicking on a malicious link, according to Schiller.

XSS flaws can enable attackers to inject malicious scripts into content served to other users, typically causing the victim's browser to run unsafe code.

Exploiting the issue requires user interaction: an attacker would need to get someone with administrator privileges to click on a malicious link.

Although the need for user interaction lessens the vulnerability's severity, attackers are still able to craft effective lures. They can also use so-called "spray-and-pray" attacks, which expose a larger audience to malicious links in the hope that some users will click them.

To give more Joomla admins time to apply the available security updates, Sonar withheld technical details about the flaw and how it can be exploited.

In the alert, Schiller emphasizes that all Joomla users should update to the most recent version, even though we won't be disclosing technical details at this time.