According to its self-reported version, the instance of Joomla! running on the remote web server is 4.2.x prior to 4.3.2. It is, therefore, affected by multiple vulnerabilities.
An open redirect and a Cross-Site Scripting (XSS) vulnerability within the MFA selection. (CVE-2023-23754)
A lack of rate limiting that allows brute-force attacks against MFA methods. (CVE-2023-23755)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23755
developer.joomla.org/security-centre/899-20230501-core-openredirects-and-xss-within-the-mfa-selection
developer.joomla.org/security-centre/900-20230502-core-bruteforce-prevention-within-the-mfa-screen
www.joomla.org/announcements/release-news/5887-joomla-4-3-2-security-and-bug-fix-release.html