CVE-2022-23798 — Open Redirect in Joomla !

CWE-601 — Open Redirect3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 90.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Joomla !Joomla! Project Joomla! CMS

Timeline

PublishedMar 30

Latest updateMar 31

Description

An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDjoomla/joomla_!2.5.0 — 3.10.6+1

▶CVEListV5joomla!_project/joomla!_cms2.5.0-3.10.6 & 4.0.0-4.1.0

🔴Vulnerability Details

GHSA

GHSA-7gq4-cwqg-9hj4: An issue was discovered in Joomla! 2↗2022-03-31

▶

CVEList

[20220306] - Core - Inadequate validation of internal URLs↗2022-03-30

▶