/plushcap/analysis/sonar/joomla-multiple-xss-vulnerabilities

Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities

What's this blog post about?

Sonar's Vulnerability Research Team discovered multiple XSS vulnerabilities in the popular Content Management System (CMS) Joomla. The issue, tracked as CVE-2024-21726, affects Joomla’s core filter component and can be exploited by attackers to gain remote code execution by tricking an administrator into clicking on a malicious link. The underlying PHP bug is an inconsistency in how PHP's mbstring functions handle invalid multibyte sequences. This issue was fixed with PHP versions 8.3 and 8.4, but not backported to older PHP versions. Joomla released version 5.0.3/4.4.3, which mitigates the vulnerability.

Company
Sonar

Date published
Feb. 20, 2024

Author(s)
Stefan Schiller

Word count
1259

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.