Millions of Websites Potentially at Risk
Cross-site scripting vulnerabilities in Joomla, a widely used free and open-source content management system, were fixed in a patch published Tuesday by the open-source project that maintains the software.
Joomla is used to power roughly 2% of global websites, according to W3Techs, and the flaws potentially expose millions of websites to attacks that can end with remote code execution.
Researchers from SonarSource said a core issue behind the XSS vulnerabilities – there are two – stems from inadequate content filtering within the filter code. Attackers could use the flaw, tracked as CVE-2024-21726, to trick a system administrator into clicking on a malicious link that leads to remote code execution.
“While we won’t be disclosing technical details at this time, we want to emphasize the importance of prompt action to mitigate this risk. We strongly advise all Joomla users to update to the latest version,” the company said. Notable users of Joomla are the Croatian newspapers Jutarnji List and Slobodna Dalmacija and the website of the Indian national identity authority.
Joomla’s core filter component is responsible for filtering and sanitizing user input to ensure security and prevent incidents such as XSS attacks. It helps validate and clean data entered by users to protect the system from potentially harmful input. The component is crucial for maintaining the integrity and security of content within the Joomla content management system.
Joomla said version 5.0.3 of the content management system should mitigate two XSS vulnerabilities as well as additional flaws.
Stefan Schiller, a SonarSource researcher, told Information Security Media Group that the vulnerability allows an attacker to craft a malicious link that injects a JavaScript payload into the website.
“When the attacker tricks an administrator into clicking on this link, the injected JavaScript payload is executed in the context of the administrator. This allows the attacker to gain remote code execution and thus fully compromise the Joomla server,” Schiller said.
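Since the only remediation the article gives is updating to 5.0.3, the check a site owner wants is whether an installation has actually reached that version. The script below is an added example, not code from Joomla or SonarSource; it assumes the Joomla 4/5 layout in which `libraries/src/Version.php` declares `MAJOR_VERSION`, `MINOR_VERSION` and `PATCH_VERSION` constants, and the sample file content is constructed.

```python
import re
from pathlib import Path

# Version named in the article as carrying the fix for CVE-2024-21726.
# Only 5.0.3 is named on the page, so anything below it is flagged for review.
FIXED_VERSION = (5, 0, 3)

# Assumed layout of libraries/src/Version.php in Joomla 4/5:
#   public const MAJOR_VERSION = 5;  (and MINOR_VERSION, PATCH_VERSION)
_CONST_RE = re.compile(r"const\s+(MAJOR|MINOR|PATCH)_VERSION\s*=\s*(\d+)\s*;")


def parse_version(php_source: str) -> tuple[int, int, int]:
    """Extract (major, minor, patch) from the text of Version.php."""
    found = {m.group(1): int(m.group(2)) for m in _CONST_RE.finditer(php_source)}
    missing = {"MAJOR", "MINOR", "PATCH"} - found.keys()
    if missing:
        raise ValueError(f"version constants not found: {sorted(missing)}")
    return (found["MAJOR"], found["MINOR"], found["PATCH"])


def is_patched(version: tuple[int, int, int]) -> bool:
    """True when the installed version is 5.0.3 or later (tuple comparison)."""
    return version >= FIXED_VERSION


def check_install(joomla_root: str) -> dict:
    """Read Version.php below a Joomla web root and report patch status."""
    path = Path(joomla_root) / "libraries" / "src" / "Version.php"
    version = parse_version(path.read_text(encoding="utf-8"))
    return {"version": ".".join(map(str, version)), "patched": is_patched(version)}


# Constructed sample mimicking the relevant lines of a pre-patch Version.php.
SAMPLE_VULNERABLE = """
class Version
{
    public const MAJOR_VERSION = 5;
    public const MINOR_VERSION = 0;
    public const PATCH_VERSION = 2;
    public const EXTRA_VERSION = '';
}
"""

if __name__ == "__main__":
    v = parse_version(SAMPLE_VULNERABLE)
    print(".".join(map(str, v)), "patched" if is_patched(v) else "UPDATE REQUIRED")
```

Run `check_install("/var/www/html")` (path is an example) against a real deployment; a `ValueError` means the file layout differs from the assumed one and the version should be confirmed from the administrator console instead.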