Joomla: Multiple XSS Vulnerabilities
2024-02-21 Author: securityboulevard.com

Key Information

  • Sonar’s Vulnerability Research Team has discovered an issue that led to multiple XSS vulnerabilities in the popular Content Management System Joomla.
  • The issue, discovered with the help of SonarCloud, affects Joomla’s core filter component and is tracked as CVE-2024-21726.
  • Attackers can leverage the issue to gain remote code execution by tricking an authenticated administrator into clicking on a malicious link.
  • Joomla released a security announcement and published versions 5.0.3 and 4.4.3, which fix the vulnerability.

Joomla

Joomla is a free and open-source Content Management System (CMS) used for building websites and online applications. Roughly 2% of all websites use Joomla, which makes it one of the most popular CMSs with millions of deployments worldwide.

The widespread usage of Joomla and the fact that most deployments are publicly accessible make it a valuable target for threat actors. Just recently, Joomla was targeted in an attack against several organizations via an improper access control vulnerability (CVE-2023-23752).

Impact

Joomla versions 5.0.2/4.4.2 and below are prone to multiple XSS vulnerabilities. Attackers tricking an administrator into clicking on a malicious link can gain remote code execution (RCE).

While we won't be disclosing technical details at this time, we want to emphasize the importance of prompt action to mitigate this risk. We strongly advise all Joomla users to update to the latest version. The first release known to address the vulnerability is Joomla version 5.0.3/4.4.3.
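The advisory only gives version ranges, so the practical first step is deciding whether a given deployment falls inside them. The check below is an added example, not code from the Sonar post or from Joomla; it encodes just what the advisory states (5.0.2/4.4.2 and below affected, 5.0.3/4.4.3 the first fixed releases) and handles the branch edge case a naive "is the version below 5.0.3" comparison gets wrong: 4.4.3 is older than 5.0.2 by number but is a fixed release. The `Version.php` parsing assumes the `MAJOR_VERSION`/`MINOR_VERSION`/`PATCH_VERSION` constant layout used by Joomla 4 and 5, and the sample file content is constructed for the example.

```python
"""Decide whether a Joomla install is in the range affected by CVE-2024-21726.

Added example (not Sonar's or Joomla's code). Version ranges are taken from
the advisory text; the Version.php layout is an assumption about Joomla 4/5.
"""
import re
from pathlib import Path

# First fixed release per maintained branch, as stated in the advisory.
FIXED_RELEASES = {4: (4, 4, 3), 5: (5, 0, 3)}


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '5.0.2' or '5.0.2-rc1' into (5, 0, 2); reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Joomla version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version) -> bool:
    """True if the version is within '5.0.2/4.4.2 and below'.

    Comparison is done per branch: 4.x is fixed from 4.4.3, 5.x from 5.0.3.
    Anything older than 4.x is below 4.4.2 and therefore counted as affected;
    branches newer than 5.x did not exist when the fix shipped.
    """
    v = parse_version(version) if isinstance(version, str) else tuple(version)
    major = v[0]
    if major < 4:
        return True
    fixed = FIXED_RELEASES.get(major)
    if fixed is None:
        return False
    return v < fixed


def version_from_version_php(source: str) -> tuple[int, int, int]:
    """Extract the version constants from a Joomla 4/5 libraries/src/Version.php.

    Assumption: the file declares `const MAJOR_VERSION = 5;` style constants.
    """
    parts = []
    for name in ("MAJOR_VERSION", "MINOR_VERSION", "PATCH_VERSION"):
        m = re.search(rf"const\s+{name}\s*=\s*(\d+)\s*;", source)
        if not m:
            raise ValueError(f"{name} not found; not a Joomla 4/5 Version.php?")
        parts.append(int(m.group(1)))
    return (parts[0], parts[1], parts[2])


def check_install(root: Path) -> bool:
    """Read the version from an on-disk Joomla tree and report if it is affected."""
    source = (root / "libraries" / "src" / "Version.php").read_text(encoding="utf-8")
    return is_affected(version_from_version_php(source))


# Constructed sample of the relevant part of a Joomla 5.0.2 Version.php.
SAMPLE_VERSION_PHP = """<?php
namespace Joomla\\CMS;

final class Version
{
    public const MAJOR_VERSION = 5;
    public const MINOR_VERSION = 0;
    public const PATCH_VERSION = 2;
    public const EXTRA_VERSION = '';
}
"""

if __name__ == "__main__":
    for v in ("5.0.2", "5.0.3", "4.4.2", "4.4.3", "5.1.0", "3.10.12"):
        print(f"{v:>8}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    print("sample Version.php:", version_from_version_php(SAMPLE_VERSION_PHP))
```

Run `check_install(Path("/var/www/joomla"))` against a real document root; the two-branch table is the part worth keeping when adapting this to other Joomla advisories, since Joomla ships fixes to both the 4.4 and 5.0 lines at once.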

You can follow us via @Sonar_Research on Twitter/X or via our Mastodon account for any updates on the technical details.

*** This is a Security Bloggers Network syndicated blog from Sonar Blog RSS feed authored by Stefan Schiller. Read the original post at: https://www.sonarsource.com/blog/joomla-multiple-xss-vulnerabilities


Source: https://securityboulevard.com/2024/02/joomla-multiple-xss-vulnerabilities/