CVE-2024-21726

Name of the Vulnerable Software and Affected Versions Joomla versions 5.0.2 and below Joomla versions 4.4.2 and below

Description Inadequate content filtering in Joomla leads to multiple XSS vulnerabilities in various components. Attackers can trick administrators into clicking on a malicious link, potentially granting them full control of the website and allowing for remote code execution (RCE). The issue is estimated to affect over 2.7 million services, mainly distributed in the United States, Germany, and other countries.

Recommendations For Joomla versions 5.0.2 and below: Update to a version with the fix for this issue. For Joomla versions 4.4.2 and below: Update to a version with the fix for this issue. As a temporary workaround, consider restricting access to administrative areas of the website to minimize the risk of exploitation.