Security Announcements
This feed provides announcements of resolved security issues in Joomla! software releases.
For more information about the Joomla! Security Strike Team (JSST) and its processes, please review our Security article.
To report potential security issues, please follow the guidelines in the above referenced article. Please note that we are only able to provide support for the Joomla! CMS, Joomla! Framework, and *.joomla.org network of websites.
You can subscribe to notifications from this feed through a RSS reader.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Low
- Versions: 3.7.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
- Exploit type: XSS
- Reported Date: 2024-06-09
- Fixed Date: 2024-07-09
- CVE Number: CVE-2024-26278
Description
Affected Installs
Joomla! CMS versions 3.7.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
Solution
Upgrade to version 3.10.16-elts, 4.4.6 or 5.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Low
- Versions: 3.0.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
- Exploit type: XSS
- Reported Date: 2024-06-08
- Fixed Date: 2024-07-09
- CVE Number: CVE-2024-26279
Description
Affected Installs
Joomla! CMS versions 3.0.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
Solution
Upgrade to version 3.10.16-elts, 4.4.6 or 5.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Low
- Versions: 3.0.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
- Exploit type: XSS
- Reported Date: 2024-06-08
- Fixed Date: 2024-07-09
- CVE Number: CVE-2024-21731
Description
Affected Installs
Joomla! CMS versions 3.0.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1
Solution
Upgrade to version 3.10.16-elts, 4.4.6 or 5.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions: 4.0.0-4.4.5, 5.0.0-5.1.1
- Exploit type: XSS
- Reported Date: 2024-06-03
- Fixed Date: 2024-07-09
- CVE Number: CVE-2024-21730
Description
Affected Installs
Joomla! CMS versions 4.0.0-4.4.5, 5.0.0-5.1.1
Solution
Upgrade to version 4.4.6 or 5.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Moderate
- Versions: 4.0.0-4.4.5, 5.0.0-5.1.1
- Exploit type: XSS
- Reported Date: 2024-02-20
- Fixed Date: 2024-07-09
- CVE Number: CVE-2024-21729
Description
Affected Installs
Joomla! CMS versions 4.0.0-4.4.5, 5.0.0-5.1.1
Solution
Upgrade to version 4.4.6 or 5.1.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla! / Joomla! Framework
- SubProject: CMS / filter
- Impact: Moderate
- Severity: Moderate
- Probability: Moderate
- Versions: 3.7.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
- Exploit type: XSS
- Reported Date: 2023-11-22
- Fixed Date: 2024-02-20
- CVE Number: CVE-2024-21726
Description
Affected Installs
Joomla! CMS versions 3.7.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Solution
Upgrade to version 3.10.15-elts, 4.4.3 or 5.0.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: High
- Probability: High
- Versions: 4.0.0-4.4.2, 5.0.0-5.0.2
- Exploit type: XSS
- Reported Date: 2024-01-30
- Fixed Date: 2024-02-20
- CVE Number: CVE-2024-21725
Description
Affected Installs
Joomla! CMS versions 4.0.0-4.4.2, 5.0.0-5.0.2
Solution
Upgrade to version 4.4.3 or 5.0.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Probability: Moderate
- Versions: 1.6.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
- Exploit type: XSS
- Reported Date: 2024-01-09
- Fixed Date: 2024-02-20
- CVE Number: CVE-2024-21724
Description
Affected Installs
Joomla! CMS versions 1.6.0 - 3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Solution
Upgrade to version 3.10.15-elts, 4.4.3 or 5.0.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions: 1.5.0 - 3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
- Exploit type: Open Redirect
- Reported Date: 2023-11-08
- Fixed Date: 2024-02-20
- CVE Number: CVE-2024-21723
Description
Affected Installs
Joomla! CMS versions 1.5.0 - 3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Solution
Upgrade to version 3.10.15-elts, 4.4.3 or 5.0.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions: 3.2.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
- Exploit type: Insufficient Session Expiration
- Reported Date: 2023-11-29
- Fixed Date: 2024-02-20
- CVE Number: CVE-2024-21722
Description
Affected Installs
Joomla! CMS versions 3.2.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Solution
Upgrade to version 3.10.15-elts, 4.4.3 or 5.0.3
Contact
The JSST at the Joomla! Security Centre.