Joomla XSS Bugs Open Millions of Websites to RCE

Improper content filtering in a core function allows multiple paths to exploitation for CVE-2024-21726.

Dark Reading Staff, Dark Reading

February 20, 2024

1 Min Read
Workspace with computer and smartphone, joomla logo on screen.
Source: Jorge Pérez via Alamy Stock Photo

The Joomla open source content management system (CMS) is vulnerable to multiple cross-site scripting (XSS) security vulnerabilities that could allow remote code execution (RCE).

Sonar's Vulnerability Research Team discovered that one fundamental flaw, tracked as CVE-2024-21726, is at the heart of the issues. It affects Joomla's core filter component.

"Inadequate content filtering leads to XSS vulnerabilities in various components," according to Joomla's advisory, which called the bug "moderate" but did not include a CVSS vulnerability-severity score.

Cyberattackers can exploit XSS bugs to inject malicious scripts into benign and trusted websites, which can in turn steal visitor information, perform malicious redirects, or infect users with malware. In this case, assailants can trigger the issues by convincing an administrator to click on a malicious link.

Joomla powers around 2% of all websites, with most deployments publicly accessible — making it an ongoing target for threat actors. The issue is patched in Joomla versions 5.0.3/4.4.3, released today, so users should update ASAP to avoid falling prey to attackers.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights