This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_114218Joomla! 1.5.x < 4.4.3 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 1.5.x prior to 4.4.3 or 5.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities.
-
An insufficient session expiration in MFA management views. (CVE-2024-21722)
-
An open redirect in installation application. (CVE-2024-21723)
-
A Cross-Site Scripting (XSS) in media selection fields. (CVE-2024-21724)
-
A Cross-Site Scripting (XSS) in mail address outputs. (CVE-2024-21725)
-
An inadequate content filtering within the filter code. (CVE-2024-21726)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source dataReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21722
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21723
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21724
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21725
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21726
developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html
developer.joomla.org/security-centre/926-20240202-core-open-redirect-in-installation-application.html
developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html
developer.joomla.org/security-centre/928-20240204-core-xss-in-mail-address-outputs.html
developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html
www.joomla.org/announcements/release-news/5904-joomla-5-0-3-and-4-4-3-security-and-bug-fix-release.html
Related
6.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.9%