According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.9.27. It is, therefore, affected by multiple vulnerabilities.
HTML was missing from the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. (CVE-2021-26032)
A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint. (CVE-2021-26033)
A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo. (CVE-2021-26034)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26032
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26033
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26034
developer.joomla.org/security-centre/852-20210501-core-adding-html-to-the-executable-block-list-of-mediahelper-canupload.html
developer.joomla.org/security-centre/853-20210502-core-csrf-in-ajax-reordering-endpoint.html
developer.joomla.org/security-centre/854-20210503-core-csrf-in-data-download-endpoints.html