Joomla Vulnerability Security Update Advisory
Overview
An update has been made available to fix vulnerabilities in Joomla. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-21725
- Joomla! CMS versions 4.0.0 through 4.4.2, 5.0.0 through 5.0.2
CVE-2024-21726
- Joomla! CMS versions 3.7.0 through 3.10.14-elts, 4.0.0 through 4.4.2, 5.0.0 through 5.0.2
CVE-2024-21724
- Joomla! CMS versions 1.6.0 through 3.10.14-elts, 4.0.0 through 4.4.2, 5.0.0 through 5.0.2
Resolved Vulnerabilities
XSS vulnerability in Joomla due to improper escaping of mail addresses (CVE-2024-21725)
XSS vulnerability due to improper content filtering in Joomla (CVE-2024-21726)
XSS vulnerability due to improper input validation for media selection fields in Joomla (CVE-2024-21724)
Vulnerability Patches
Vulnerability patches were made available in the February 20, 2024 update. Refer to the referenced sites and update to the latest patched version.
CVE-2024-21725
- Joomla! CMS versions 4.4.3, 5.0.3
CVE-2024-21726, CVE-2024-21724
- Joomla! CMS versions 3.10.15-elts, 4.4.3, 5.0.3
Referenced Sites
[1] Security Announcements
[20240205] – Core – Inadequate content filtering within the filter code
https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html
[2] Security Announcements
[20240204] – Core – XSS in mail address outputs
https://developer.joomla.org/security-centre/928-20240204-core-xss-in-mail-address-outputs.html
[3] Security Announcements
[20240203] – Core – XSS in media selection fields
https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html