Bui Duc Anh Khoa

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.2.0 through 3.9.24 **Description** An issue was discovered in the template manager due to missing input validation. **Recommendations** For versions 3.2.0 through 3.9.24, update to a version that includes input validation in the template manager.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 2.5.0 through 3.9.24 **Description** An issue was discovered that could lead to xss issues due to missing filtering of messages shown to users. **Recommendations** For Joomla! versions 2.5.0 through 3.9.24, update to a version that includes the necessary filtering to prevent xss issues.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 2.5.0 through 3.9.24 **Description** An issue was discovered that could lead to XSS issues due to missing filtering of feed fields. **Recommendations** For Joomla! versions 2.5.0 through 3.9.24, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.20 **Description** A missing token check in the "ajax install" endpoint of com installer causes a CSRF issue. **Recommendations** For versions prior to 3.9.20, update to version 3.9.20 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.9.19 and earlier **Description** A missing token check in the remove request section of com privacy causes a CSRF issue. **Recommendations** For versions 3.9.19 and earlier, update to a version that includes the fix for the missing token check in the com privacy component.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.19 **Description** The issue is related to missing token checks in the com postinstall component, which leads to Cross-Site Request Forgery (CSRF). CSRF is an attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions prior to 3.9.19, update to version 3.9.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the com postinstall component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.19 **Description** The issue arises from incorrect input validation of the module tag option in com modules, allowing for cross-site scripting (XSS). **Recommendations** For versions prior to 3.9.19, update to version 3.9.19 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.19 **Description** The issue is related to a lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules, which allows for cross-site scripting (XSS). **Recommendations** For versions prior to 3.9.19, update to version 3.9.19 or later to resolve the issue. As a temporary workaround, consider disabling the "Articles - Newsflash" and "Articles - Categories" modules until a patch is available. Restrict access to these modules to minimize the risk of exploitation.