The open-source project responsible for maintaining Joomla, a widely used content management system, has released a patch to address Critical XSS Vulnerabilities in Joomla.
These vulnerabilities, discovered by SonarSource researchers, can potentially expose millions of websites to attacks that enable remote code execution.
The Critical XSS Vulnerabilities in Joomla Allow RCE (Remote Code Execution)
The flaws are attributed to inadequate content filtering within the filter code. Exploiting the vulnerability (tracked as CVE-2024-21726) could allow attackers to deceive system administrators into clicking on malicious links, leading to remote code execution.
“While we won’t be disclosing technical details at this time, we want to emphasize the importance of prompt action to mitigate this risk. We strongly advise all Joomla users to update to the latest version,”
Joomla said.
Prominent entities utilizing Joomla include Croatian newspapers Jutarnji List and Slobodna Dalamcija, as well as the website of the Indian national identity authority. A critical component of Joomla is its core filter, which is responsible for filtering and sanitizing user input.
This component plays a crucial role in ensuring security by validating and cleaning data entered by users, thereby preventing incidents like cross-site scripting attacks. Along with addressing two XSS vulnerabilities, Joomla’s latest version, 5.0.3 of the content management system, also resolves additional flaws.
According to Stefan Schiller, a researcher from SonarSource, the identified vulnerability enables an attacker to create a manipulated link that injects a JavaScript payload into the targeted website.
“When the attacker tricks an administrator into clicking on this link, the injected JavaScript payload is executed in the context of the administrator. This allows the attacker to gain remote code execution and thus fully compromise the Joomla server,”
Schiller said.
