Security News > 2024 > February > Joomla fixes XSS flaws that could expose sites to RCE attacks

Joomla fixes XSS flaws that could expose sites to RCE attacks
2024-02-21 22:55

Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.

The vendor has addressed the security issues, which impact multiple versions of Joomla, and fixes are present in versions 5.0.3 and also 4.4.3 of the CMS. Joomla's advisory notes that CVE-2024-21725 is the vulnerability with the highest severity risk and has a high exploitation probability.

Another issue, an XSS tracked as CVE-2024-21726, affects Joomla's core filter component.

XSS flaws can allow attackers to inject malicious scripts into content served to other users, typically enabling the execution of unsafe code through the victim's browser.

Sonar did not share any technical details about the flaw and how it can be exploited, to allow a larger number of Joomla admins to apply the available security updates.

SolarWinds fixes critical RCE bugs in access rights audit solution.


News URL

https://www.bleepingcomputer.com/news/security/joomla-fixes-xss-flaws-that-could-expose-sites-to-rce-attacks/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Joomla 129 12 388 460 16 876