• Sonar’s Vulnerability Research Team has discovered an issue that led to multiple XSS vulnerabilities in the popular Content Management System Joomla.
• The issue discovered with the help of SonarCloud affects Joomla’s core filter component and is tracked as CVE-2024-21726.
• Attackers can leverage the issue to gain remote code execution by tricking an administrator into clicking on a malicious link.
• The underlying PHP bug is an inconsistency in how PHP’s mbstring functions handle invalid multibyte sequences.
• The bug was fixed with PHP versions 8.3 and 8.4, but not backported to older PHP versions.
  • Joomla released a security announcement and published version 5.0.3/4.4.3, which mitigates the vulnerability.

Joomla maintainers have addressed multiple flaws in the popular content management system (CMS) that can lead to execute arbitrary code