Joomla Addresses XSS Vulnerabilities Potentially Leading to RCE Attacks

February 21, 2024

Joomla, a widely-used content management system, has resolved five vulnerabilities that could have been exploited to run arbitrary code on susceptible websites. The security issues affected numerous versions of Joomla, but have been rectified in versions 5.0.3 and 4.4.3 of the CMS.

The most critical vulnerability, identified as CVE-2024-21725, carries a high risk and a high likelihood of exploitation. Another flaw, an XSS (Cross-Site Scripting) vulnerability tagged as CVE-2024-21726, impacts Joomla's core filter component. While this vulnerability has a moderate severity and exploitation probability, Stefan Schiller, a vulnerability researcher at code inspection tools provider Sonar, warns that it could potentially be used to achieve remote code execution.

"Attackers can leverage the issue to gain remote code execution by tricking an administrator into clicking on a malicious link," Schiller noted. XSS vulnerabilities can enable attackers to inject harmful scripts into content that is then served to other users, typically facilitating the execution of unsafe code through the victim's browser. To exploit this flaw, user interaction is required, meaning an attacker would need to deceive a user with administrator privileges into clicking on a malicious link.

While the necessity for user interaction reduces the severity of the vulnerability, attackers are often savvy enough to create effective lures. Alternatively, they can initiate so-called "spray-and-pray" attacks, where a larger audience is exposed to the malicious links in the hopes that some users will click on them.

Sonar has refrained from sharing any technical details about the flaw and how it can be exploited, to allow a greater number of Joomla administrators to implement the available security updates. "While we won't be disclosing technical details at this time, we want to emphasize the importance of prompt action to mitigate this risk," Schiller stated in the alert, underlining that all Joomla users should update to the latest version.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.