Article Details

Joomla fixes XSS flaws that could expose sites to RCE attacks. Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites. The vendor has addressed the security issues, which impact multiple versions of Joomla, and fixes are present in versions 5.0.3 and also 4.4.3 of the CMS. Joomla's advisory notes that CVE-2024-21725 is the vulnerability with the highest severity risk and has a high exploitation probability. Remote code execution risk Another issue, an XSS tracked as CVE-2024-21726, affects Joomla’s core filter component. It has a moderate severity and exploitation probability but Stefan Schiller, a vulnerability researcher at code inspection tools provider Sonar, warns that it could be leveraged to achieve remote code execution. “Attackers can leverage the issue to gain remote code execution by tricking an administrator into clicking on a malicious link,” said Schiller. XSS flaws can allow attackers to inject malicious scripts into content served to other users, typically enabling the execution of unsafe code through the victim's browser. Exploiting the issue requires user interaction. An attacker would need to trick a user with administrator privileges to click on a malicious link. Although the user interaction lowers the severity of the vulnerability, attackers are clever enough to come up with proper lures. Alternatively, they can launch so-called "spray-and-pray" attacks, where a larger audience is exposed to the malicious links with the hope that some users would click them. Sonar did not share any technical details about the flaw and how it can be exploited, to allow a larger number of Joomla admins to apply the available security updates. "While we won't be disclosing technical details at this time, we want to emphasize the importance of prompt action to mitigate this risk," Schiller says in the alert, stressing that all Joomla users should update to the latest version.