Multiple Cross-Site Scripting (XSS) Flaws in Joomla Could Result in Remote Code Execution

Home/Exploitation, Internet Security, Mobile Security, Remote code execution, Security Advisory, Security Update, vulnerability/Multiple Cross-Site Scripting (XSS) Flaws in Joomla Could Result in Remote Code Execution

Multiple Cross-Site Scripting (XSS) Flaws in Joomla Could Result in Remote Code Execution

Five vulnerabilities have been discovered within the Joomla content management system that could be exploited to execute arbitrary code on vulnerable websites.

Multiple Cross-Site Scripting (XSS) Flaws in Joomla

The vendor has addressed the security issues affecting multiple versions of Joomla, and fixes are available in versions 5.0.3 and 4.4.3 of the CMS.

  • CVE-2024-21722: The MFA administration options didn’t correctly termine current consumer periods when a consumer’s MFA strategies have been modified.
  • CVE-2024-21723: Insufficient parsing of URLs may end result into an open redirect.
  • CVE-2024-21724: Insufficient enter validation for media choice fields result in cross-site scripting (XSS) vulnerabilities in varied extensions.
  • CVE-2024-21725: Insufficient escaping of mail addresses result in XSS vulnerabilities in varied elements
  • CVE-2024-21726: Insufficient content material filtering inside the filter code resulting in a number of XSS


Another issue, an XSS tracked as CVE-2024-21726, affects Joomla’s core filter component. It has moderate severity and exploitation potential, but Stefan Schiller, a vulnerability researcher at code inspection tools provider Sonar, warns that it could be leveraged to achieve remote code execution.

“Attackers can exploit the issue to achieve remote code execution by tricking an administrator into clicking on a malicious link,” said Schiller.

XSS flaws can enable attackers to inject malicious scripts into content served to other users, typically allowing the execution of unsafe code through the victim’s browser.


Exploiting the issue requires user interaction. An attacker would need to trick a user with administrator privileges into clicking on a malicious link.

Although the user interaction lowers the severity of the vulnerability, attackers are clever enough to come up with convincing lures. Alternatively, they may launch so-called “spray-and-pray” attacks, where a larger audience is exposed to the malicious links with the hope that some users would click on them.

Sonar did not share any technical details about the flaw and how it can be exploited, to enable a larger number of Joomla admins to apply the available security updates.

“While we cannot be disclosing technical details at this time, we want to emphasize the importance of prompt action to mitigate this risk,” Schiller says in the alert, stressing that all Joomla users should update to the latest version.

Post Views: 194
By | 2024-02-26T08:43:12+05:30 February 22nd, 2024|Exploitation, Internet Security, Mobile Security, Remote code execution, Security Advisory, Security Update, vulnerability|

About the Author:

FirstHackersNews- Identifies Security

Related Posts

Leave A Comment

Subscribe to our newsletter to receive security tips everday!