• Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: High
  • Probability: High
  • Versions: 4.0.0-4.4.2, 5.0.0-5.0.2
  • Exploit type: XSS
  • Reported Date: 2024-01-30
  • Fixed Date: 2024-02-20
  • CVE Number: CVE-2024-21725

Description

Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components.

Affected Installs

Joomla! CMS versions 4.0.0-4.4.2, 5.0.0-5.0.2

Solution

Upgrade to version 4.4.3 or 5.0.3

Contact

The JSST at the Joomla! Security Centre.