The Joomla open-source content management system (CMS) faces a critical security threat as multiple cross-site scripting (XSS) vulnerabilities have been identified, potentially leading to remote code execution (RCE).
The vulnerabilities were discovered by Sonar’s Vulnerability Research Team, which traced their root cause to a fundamental flaw, tracked as CVE-2024-21726, in Joomla’s core filter component.
Joomla’s advisory acknowledges the severity of the issue, stating, “Inadequate content filtering leads to XSS vulnerabilities in various components.” However, the advisory does not provide a CVSS vulnerability-severity score, instead categorizing the bug as “moderate.”
Exploiting XSS vulnerabilities allows attackers to inject malicious scripts into trusted websites, which can lead to theft of visitor information, malicious redirects, or the distribution of malware. In this case, attackers could trigger the vulnerabilities by persuading an administrator to click on a malicious link.
Given that Joomla powers approximately 2% of all websites, and many deployments are publicly accessible, it becomes a prime target for threat actors. The identified issue has been addressed in the latest Joomla versions, 5.0.3 and 4.4.3, released today. Users are strongly advised to update promptly to prevent falling victim to potential attacks.