CVE-2023-23754Improper Input Validation in Joomla !

CWE-20Improper Input ValidationCWE-601Open RedirectCWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.0%
top 94.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Joomla !Joomla! Project Joomla! CMS
Timeline
PublishedMay 30

Description

An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDjoomla/joomla_!4.2.04.3.2
CVEListV5joomla!_project/joomla!_cms4.2.0-4.3.1

🔴Vulnerability Details

2
GHSA
GHSA-6wpq-rvpm-6542: An issue was discovered in Joomla! 42023-05-30
CVEList
[20230501] - Core - Open Redirect and XSS within the mfa select2023-05-30
CVE-2023-23754 — Improper Input Validation in Joomla ! | cvebase