[20230501] - Core - Open Redirects and XSS within the mfa selection

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 4.2.0-4.3.1
Exploit type: Open Redirect / XSS
Reported Date: 2023-02-28
Fixed Date: 2023-05-28
CVE Number: CVE-2023-23754

Description

Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.

Affected Installs

Joomla! CMS versions 4.2.0-4.3.1

Solution

Upgrade to version 4.3.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Srpopty from huntr.dev