PT-2022-16273 · Joomla · Joomla!

Julia Polner +1 · Published 2022-03-30 · Updated 2025-04-03 · CVE-2022-23801

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Joomla! versions 4.0.0 through 4.1.0

Description

An issue was discovered in Joomla, allowing a possible XSS attack vector through SVG embedding in com_media.

Recommendations

For Joomla! versions 4.0.0 through 4.1.0, consider disabling the SVG embedding feature in com_media as a temporary workaround until a patch is available. Restrict access to com_media to minimize the risk of exploitation. Avoid using SVG files in com_media until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-JOOMLA-2022-23801
CVE-2022-23801

Affected Products

Joomla!