CVE-2024-21726
Published 2024-02-29
CVE-2024-21726: Inadequate content filtering leads to XSS vulnerabilities in various components.
Priority P345 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
EPSS: 48.84% (98.7th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla!_project | joomla!_cms | — | — |
| joomla!_project | joomla!_cms | — | — |
| joomla!_project | joomla!_cms | — | — |
| joomla | joomla_! | 3.7.0 – 3.10.15 | — |
| joomla | joomla_! | >= 4.0.0 < 4.4.3 | 4.4.3 |
| joomla | joomla_! | >= 5.0.0 < 5.0.3 | 5.0.3 |
No detection rules found.
No public exploits indexed.
Checkpoint
26th February – Threat Intelligence Report
blogs_checkpoint·2024-02-26
CVE-2024-1708 26th February – Threat Intelligence Report
## 26th February – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 26th February, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The American Prince George’s County Public Schools (PGCPS) has experienced a ransomware attack that compromised the personal data of nearly 100K individuals. The attack exposed individuals’ full names, financial account information, and Social Security Numbers. The Rhysida ransomware gang is reportedly responsible for t
Bleepingcomputer
Joomla fixes XSS flaws that could expose sites to RCE attacks
blogs_bleepingcomputer·2024-02-21·CVSS 6.3
CVE-2024-21722 [MEDIUM] Joomla fixes XSS flaws that could expose sites to RCE attacks
## Joomla fixes XSS flaws that could expose sites to RCE attacks
## Bill Toulas
Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.
The vendor has addressed the security issues, which impact multiple versions of Joomla, and fixes are present in versions 5.0.3 and also 4.4.3 of the CMS.
CVE-2024-21722: The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
CVE-2024-21723: Inadequate parsing of URLs could result in an open redirect.
CVE-2024-21724: Inadequate input validation for media selection fields leads to cross-site scripting (XSS) vulnerabilities in various extensions.
CVE-2024-21725 : Inadequate escaping
https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html
https://www.sonarsource.com/blog/joomla-multiple-xss-vulnerabilities/
Published 2024-02-29