This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_113950Joomla! 4.2.x < 4.3.2 Multiple Vulnerabilities
EPSS
Percentile
49.3%
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.2.x prior to 4.3.2. It is, therefore, affected by multiple vulnerabilities.
-
An open redirect and a Cross-Site Scripting (XSS) within the mfa selection. (CVE-2023-23754)
-
A lack of rate limiting allowing brute force attacks against MFA methods. (CVE-2023-23755)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source dataReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23755
developer.joomla.org/security-centre/899-20230501-core-openredirects-and-xss-within-the-mfa-selection
developer.joomla.org/security-centre/900-20230502-core-bruteforce-prevention-within-the-mfa-screen
www.joomla.org/announcements/release-news/5887-joomla-4-3-2-security-and-bug-fix-release.html
Related
