Multiple cross-site scripting (XSS) vulnerabilities found in Joomla

A group of pentest training specialists has reported finding multiple vulnerabilities in Joomla, one of the most widely used content management systems (CMS) in the world. According to the report, successful exploitation of these flaws could lead to cross-site scripting (XSS) attacks and request forgery, among other scenarios.

Below is a brief description of the reported vulnerabilities, in addition to their respective scores according to the Common Vulnerability Scoring System (CVSS). It should be noted that none of these flaws has a CVSS key assigned.

The first of the reported flaws exists due to inadequate sanitization of user input in the header tag option in some CMS modules and would allow cross-site scripting (XSS) attacks.

Successful exploitation of this vulnerability would allow remote threat actors to steal sensitive information, modify the appearance of an attacked website, or perform phishing attacks.

The flaw received a score of 4.7/10 on the CVSS scale, so it is considered low severity. Although it could be exploited remotely, no exploit for this attack has been detected.

The second reported vulnerability, with a CVSS score of 5.7/10, exists because the default setting of the “textfilter” function does not block HTML input for ‘Guest’ users, which would allow malicious hackers to deploy an XSS attack.

Like the previous case, this vulnerability could be exploited remotely, although there is no exploit to trigger this attack, pentest training experts noted.
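A configuration check for the “textfilter” default described above, as an added example that is not from the original report or from Joomla's own code. It assumes the text-filter settings are available as the JSON `filters` object of Joomla 3's global configuration, and the filter-type codes and default group ids (1 = Public, 9 = Guest) in the comments are likewise assumptions about a stock Joomla 3 install; the sample data is constructed.

```python
import json

# Filter codes as stored by Joomla 3's Global Configuration > Text Filters
# (assumption based on Joomla 3 core, not stated on this page).
FILTER_LABELS = {
    "NH": "No HTML",
    "BL": "Default blacklist",
    "CBL": "Custom blacklist",
    "WL": "Whitelist",
    "NONE": "No filtering",
}

# Assumed default group ids of a stock Joomla 3 install: 1 = Public, 9 = Guest.
UNTRUSTED_GROUPS = {"1": "Public", "9": "Guest"}


def audit_text_filters(filters_json, untrusted=UNTRUSTED_GROUPS):
    """Return (group, filter_type, message) for untrusted groups not set to 'No HTML'."""
    filters = json.loads(filters_json)
    findings = []
    for group_id, name in sorted(untrusted.items(), key=lambda kv: int(kv[0])):
        entry = filters.get(group_id)
        if entry is None:
            # No stored entry: the effective behaviour has to be checked by hand.
            findings.append((name, None, "no filter entry; verify in the admin UI"))
            continue
        ftype = str(entry.get("filter_type", "")).upper()
        if ftype == "NH":
            continue  # HTML is stripped for this group
        label = FILTER_LABELS.get(ftype, "unknown filter type")
        findings.append((name, ftype, f"{label}: HTML input is not fully blocked"))
    return findings


# Constructed sample of the "filters" value, with Guest left on the blacklist filter.
SAMPLE_FILTERS = json.dumps({
    "1": {"filter_type": "NH", "filter_tags": "", "filter_attributes": ""},
    "9": {"filter_type": "bl", "filter_tags": "", "filter_attributes": ""},
    "6": {"filter_type": "BL", "filter_tags": "", "filter_attributes": ""},
    "8": {"filter_type": "NONE", "filter_tags": "", "filter_attributes": ""},
})

if __name__ == "__main__":
    for group, ftype, message in audit_text_filters(SAMPLE_FILTERS):
        print(f"[!] {group} ({ftype}): {message}")
```

Only the untrusted groups are reported; the Manager and Super Users entries in the sample are ignored because permissive filters are expected for trusted editors.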

The third report refers to a vulnerability that exists due to inadequate sanitization of the data entered into com_modules; a remote hacker could trick a target user into opening a specially crafted link in order to execute arbitrary HTML in the context of a vulnerable website. This flaw also leads to XSS attack scenarios.

This flaw received a CVSS score of 5.3/10, so it is considered low risk even though it could be exploited remotely by unauthenticated hackers. Pentest training experts mention that its low score is due to the complexity of exploitation.

The last reported vulnerability exists due to insufficient validation of the origin of HTTP requests in the com_postinstall component, which could allow cross-site request forgery (XSRF) attacks.

The flaw received a score of 5/10, making it a medium-severity flaw. Like the previous cases, the flaw can be exploited by unauthenticated remote hackers, although an exploit does not yet exist.

According to the International Institute of Cyber Security (IICS), Joomla acknowledged the report and began working on corrections immediately. Updates are now available, and website administrators need only verify that the installation completes successfully.