{"id":24045,"date":"2024-02-28T11:11:00","date_gmt":"2024-02-28T19:11:00","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/02\/28\/news-17775\/"},"modified":"2024-02-28T11:11:00","modified_gmt":"2024-02-28T19:11:00","slug":"news-17775","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/02\/28\/news-17775\/","title":{"rendered":"Joomla! patches XSS flaws that could lead to remote code execution"},"content":{"rendered":"\n<p>On February 20, Joomla! posted <a href=\"https:\/\/developer.joomla.org\/security-centre.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">details<\/a> about four vulnerabilities it had fixed in its Content Management System (CMS), and one in the Joomla! Framework that affects the CMS.<\/p>\n<p><a href=\"https:\/\/www.joomla.org\/about-joomla.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Joomla!<\/a>\u00a0is an open-source CMS that\u2019s been around since 2005, and has been one of the most popular CMS platforms by market share for much of that time. Many companies, from small outfits to large enterprises, use a CMS in some form to manage their websites. There are lots of advantages to using a popular CMS, but if you do you should keep an eye out for updates. And this looks like an important one.<\/p>\n<p>Just last month, a vulnerability patched in February 2023 was added to CISA\u2019s catalog of known exploited vulnerabilities, suggesting a lack of patching urgency by some Joomla! owners. Let\u2019s see if we can avoid duplicating that scenario.<\/p>\n<p>To make this happen, Joomla! CMS users should upgrade to version 3.10.15-elts, 4.4.3 or 5.0.3. The latest releases that include the fixes are available for download. Links can be found on the <a href=\"https:\/\/www.joomla.org\/announcements\/release-news\/5904-joomla-5-0-3-and-4-4-3-security-and-bug-fix-release.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">release news page<\/a>. 
The latest versions can always be found on the <a href=\"https:\/\/downloads.joomla.org\/latest\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">latest release tab<\/a>. The extended long term support (elts) versions can be found on the <a href=\"https:\/\/elts.joomla.org\/release-notes\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">dedicated elts site<\/a>.<\/p>\n<p>The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. We\u2019ll list them below, but the descriptions of the vulnerabilities require some explaining.<\/p>\n<ul>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=cve-2024-21722\">CVE-2024-21722<\/a>: The <a href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\">multi-factor authentication<\/a> (MFA) management features did not properly terminate existing user sessions when a user&#8217;s MFA methods have been modified. This suggests that logged-in users could stay logged in if an administrator changed their MFA method. This is a problem if you are changing the MFA method because you suspect there has been unauthorized access.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-21723\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-21723<\/a>: Inadequate parsing of URLs could result in an open redirect. An open redirect vulnerability occurs when an application allows a user to control how an HTTP redirect behaves. Phishers love open redirects on legitimate sites because the URLs look like they go to the legitimate site, when in fact they redirect to another site.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-21724\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-21724<\/a>: Inadequate input validation for media selection fields leads to cross-site scripting (XSS) vulnerabilities in various extensions. 
XSS is a type of vulnerability that allows an attacker to inject malicious code into a site\u2019s content. Input validation should stop that injection.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-21725\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-21725<\/a>: Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components. According to Joomla!, this is the vulnerability with the highest exploitation probability. A website user could input data in the email address field that would cause an XSS vulnerability because it was not properly escaped. Email addresses need to be escaped because otherwise they could be interpreted as HTML code.<\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-21726\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-21726<\/a>: Inadequate content filtering leads to XSS vulnerabilities in various components. This is the vulnerability in the Joomla! Framework. Apparently there has been an oversight in the filtering code, which can cause XSS vulnerabilities in several components. <a href=\"https:\/\/www.sonarsource.com\/blog\/joomla-multiple-xss-vulnerabilities\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Researchers<\/a> found that attackers can exploit this issue to gain remote code execution by tricking an administrator into clicking on a malicious link.<\/li>\n<\/ul>\n<p>These researchers also urged users to update their CMS:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p>\u201cWhile we won&#8217;t be disclosing technical details at this time, we want to emphasize the importance of prompt action to mitigate this risk.&#8221;<\/p>\n<\/blockquote>\n<h3 class=\"wp-block-heading\" id=\"h-secure-your-cms\">Secure your CMS<\/h3>\n<p>There are a few obvious and easy-to-remember rules to keep in mind if you want to use a CMS without compromising your security. 
They are as follows:<\/p>\n<ul>\n<li>Choose a CMS from an organization that actively looks for and fixes security vulnerabilities.<\/li>\n<li>If it has a mailing list for informing users about patches, join it.<\/li>\n<li>Enable automatic updates if the CMS supports them.<\/li>\n<li>Use the fewest number of plugins you can, and do your due diligence on the ones you use.<\/li>\n<li>Keep track of the changes made to your site and its source code.<\/li>\n<li>Secure accounts with two-factor authentication (<a href=\"https:\/\/www.malwarebytes.com\/blog\/101\/2017\/01\/understanding-the-basics-of-two-factor-authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\">2FA<\/a>).<\/li>\n<li>Give users the minimum access rights they need to do their job.<\/li>\n<li>Limit file uploads to exclude code and executable files, and monitor them closely.<\/li>\n<li>Use a Web Application Firewall (WAF).<\/li>\n<\/ul>\n<p>If your CMS is hosted on your own servers, be aware of the dangers that this setup brings and keep it separated from other parts of your network.<\/p>\n<hr class=\"wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide\" \/>\n<p><strong>We don\u2019t just report on vulnerabilities\u2014we identify them, and prioritize action.<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using\u00a0<a href=\"https:\/\/www.malwarebytes.com\/business\/vulnerability-patch-management\">ThreatDown Vulnerability and Patch Management<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/02\/joomla-patches-xss-flaws-that-could-lead-to-remote-code-execution\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Time to get patching! 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[18462,30947,30948,30949,30950,30951,22783,18061,32,15775],"class_list":["post-24045","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-cms","tag-cve-2024-27122","tag-cve-2024-27123","tag-cve-2024-27124","tag-cve-2024-27125","tag-cve-2024-27126","tag-exploits-and-vulnerabilities","tag-joomla","tag-news","tag-xss"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24045","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24045"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24045\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24045"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24045"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24045"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}