Security News > 2024 > February > Joomla fixes XSS flaws that could expose sites to RCE attacks
Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.
The vendor has addressed the security issues, which impact multiple versions of Joomla, and fixes are present in versions 5.0.3 and also 4.4.3 of the CMS. Joomla's advisory notes that CVE-2024-21725 is the vulnerability with the highest severity risk and has a high exploitation probability.
Another issue, an XSS tracked as CVE-2024-21726, affects Joomla's core filter component.
XSS flaws can allow attackers to inject malicious scripts into content served to other users, typically enabling the execution of unsafe code through the victim's browser.
Sonar did not share any technical details about the flaw and how it can be exploited, to allow a larger number of Joomla admins to apply the available security updates.
SolarWinds fixes critical RCE bugs in access rights audit solution.
News URL
Related news
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-29 | CVE-2024-21726 | Inadequate content filtering leads to XSS vulnerabilities in various components. | 0.0 |
| 2024-02-29 | CVE-2024-21725 | Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components. | 0.0 |