Hoàng Nguyễn

#16867 of 53,635
15.9 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1

PT-2022-16268 · CVSS 6.1 · 2022-03-30
Joomla · Joomla! · CVE-2022-23796

**Name of the Vulnerable Software and Affected Versions**
Joomla! versions 3.7.0 through 3.10.6

**Description**
The issue is related to a lack of input validation, which could allow an XSS attack using `com_fields`.

**Recommendations**
For Joomla! versions 3.7.0 through 3.10.6, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to `com_fields` to minimize the risk of exploitation.

PT-2022-16269 · CVSS 9.8 · 2022-03-30
Joomla · Joomla! · CVE-2022-23797

**Name of the Vulnerable Software and Affected Versions**
Joomla! versions 3.0.0 through 3.10.6
Joomla! versions 4.0.0 through 4.1.0

**Description**
An issue was discovered in Joomla! where inadequate filtering on the selected Ids in a request could result in a possible SQL injection.

**Recommendations**
For Joomla! versions 3.0.0 through 3.10.6, update to a version outside of this range to mitigate the risk. For Joomla! versions 4.0.0 through 4.1.0, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to sensitive database queries until a patch is available. Avoid using user-supplied input in SQL queries to minimize the risk of exploitation.