Joomla [1] [2] [3], an open-source content management system [2], has been identified with two cross-site scripting (XSS) vulnerabilities [2], tracked as CVE-2024-21726 [1] [3], by Sonar’s Vulnerability Research Team [1] [2].

Description

These vulnerabilities stem from inadequate content filtering within Joomla’s core filter component [3], enabling attackers to inject malicious scripts into websites [2]. By luring system administrators into clicking on malicious links [1] [3], remote code execution can be achieved. It is crucial for Joomla users to update to versions 5.0.3/4.4.3 to address these vulnerabilities and prevent potential exploitation.

Conclusion

It is imperative for Joomla users to promptly update their systems to the recommended versions to mitigate the risks posed by these vulnerabilities. Failure to do so could result in unauthorized access and compromise of sensitive information. Moving forward, it is essential for developers to prioritize robust security measures to safeguard against similar vulnerabilities in the future.

References

[1] https://securityboulevard.com/2024/02/joomla-multiple-xss-vulnerabilities/
[2] https://www.darkreading.com/application-security/joomla-xss-bugs-open-millions-websites-rce
[3] https://www.bankinfosecurity.com/joomla-cms-patches-critical-xss-vulnerabilities-a-24407