Security News > 2024 > February > Joomla fixes XSS flaws that could expose sites to RCE attacks
Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.
The vendor has addressed the security issues, which impact multiple versions of Joomla, and fixes are present in versions 5.0.3 and also 4.4.3 of the CMS. Joomla's advisory notes that CVE-2024-21725 is the vulnerability with the highest severity risk and has a high exploitation probability.
Another issue, an XSS tracked as CVE-2024-21726, affects Joomla's core filter component.
XSS flaws can allow attackers to inject malicious scripts into content served to other users, typically enabling the execution of unsafe code through the victim's browser.
Sonar did not share any technical details about the flaw and how it can be exploited, to allow a larger number of Joomla admins to apply the available security updates.
SolarWinds fixes critical RCE bugs in access rights audit solution.
News URL
Related news
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-29 | CVE-2024-21726 | Inadequate content filtering leads to XSS vulnerabilities in various components. | 0.0 |
| 2024-02-29 | CVE-2024-21725 | Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components. | 0.0 |