CVE-2024-21726 - Vulnerability Details - OpenCVE

Inadequate content filtering leads to XSS vulnerabilities in various components.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Joomla	Joomla\!

Configuration 1 [-]

OR	cpe:2.3:a:joomla:joomla\!::::::::
	cpe:2.3:a:joomla:joomla\!::::::::
	cpe:2.3:a:joomla:joomla\!::::::::

No data.

References

Link	Providers
https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html
https://www.sonarsource.com/blog/joomla-multiple-xss-vulnerabilities/

History

Mon, 02 Jun 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Joomla Joomla joomla\!
CPEs		cpe:2.3:a:joomla:joomla\!::::::::
Vendors & Products		Joomla Joomla joomla\!

Fri, 13 Dec 2024 11:00:00 +0000

Type	Values Removed	Values Added
References		https://www.sonarsource.com/blog/joomla-multiple-xss-vulnerabilities/

Mon, 04 Nov 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Joomla

Published: 2024-02-20T16:22:36.946Z

Updated: 2024-12-25T04:35:19.649Z

Reserved: 2024-01-01T04:30:58.881Z

Link: CVE-2024-21726

Vulnrichment

Updated: 2024-08-01T22:27:35.985Z

NVD

Status : Analyzed

Published: 2024-02-29T01:44:03.897

Modified: 2025-06-02T14:41:33.100

Link: CVE-2024-21726

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21726", "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "state": "PUBLISHED", "assignerShortName": "Joomla", "dateReserved": "2024-01-01T04:30:58.881Z", "datePublished": "2024-02-20T16:22:36.946Z", "dateUpdated": "2024-12-25T04:35:19.649Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Joomla! CMS", "vendor": "Joomla! Project", "versions": [{"status": "affected", "version": "3.7.0-3.10.14"}, {"status": "affected", "version": "4.0.0-4.4.2"}, {"status": "affected", "version": "5.0.0-5.0.2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Stefan Schiller (Sonar)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Inadequate content filtering leads to XSS vulnerabilities in various components."}], "value": "Inadequate content filtering leads to XSS vulnerabilities in various components."}], "impacts": [{"capecId": "CAPEC-18", "descriptions": [{"lang": "en", "value": "CAPEC-18 XSS Targeting Non-Script Elements"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "shortName": "Joomla", "dateUpdated": "2024-12-25T04:35:19.649Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html"}, {"tags": ["technical-description"], "url": "https://www.sonarsource.com/blog/joomla-multiple-xss-vulnerabilities/"}], "source": {"discovery": "UNKNOWN"}, "title": "[20240205] - Core - Inadequate content filtering within the filter code", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-02-29T20:46:25.073985Z", "id": "CVE-2024-21726", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-04T20:25:00.725Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:35.985Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:35.985Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-21726", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-29T20:46:25.073985Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.230Z"}}], "cna": {"title": "[20240205] - Core - Inadequate content filtering within the filter code", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Stefan Schiller (Sonar)"}], "impacts": [{"capecId": "CAPEC-18", "descriptions": [{"lang": "en", "value": "CAPEC-18 XSS Targeting Non-Script Elements"}]}], "affected": [{"vendor": "Joomla! Project", "product": "Joomla! CMS", "versions": [{"status": "affected", "version": "3.7.0-3.10.14"}, {"status": "affected", "version": "4.0.0-4.4.2"}, {"status": "affected", "version": "5.0.0-5.0.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html", "tags": ["vendor-advisory"]}, {"url": "https://www.sonarsource.com/blog/joomla-multiple-xss-vulnerabilities/", "tags": ["technical-description"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Inadequate content filtering leads to XSS vulnerabilities in various components.", "supportingMedia": [{"type": "text/html", "value": "Inadequate content filtering leads to XSS vulnerabilities in various components.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "shortName": "Joomla", "dateUpdated": "2024-12-25T04:35:19.649Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21726", "state": "PUBLISHED", "dateUpdated": "2024-12-25T04:35:19.649Z", "dateReserved": "2024-01-01T04:30:58.881Z", "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "datePublished": "2024-02-20T16:22:36.946Z", "assignerShortName": "Joomla"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3D02EFE-2ED7-4D56-AEEA-F562317FEE45", "versionEndIncluding": "3.10.15", "versionStartIncluding": "3.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CE95A6B-EFBA-4A53-839A-E13864511CEB", "versionEndExcluding": "4.4.3", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "448756BA-E10C-4587-A54B-AD8B81EEF150", "versionEndExcluding": "5.0.3", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Inadequate content filtering leads to XSS vulnerabilities in various components."}, {"lang": "es", "value": "El filtrado de contenido inadecuado genera vulnerabilidades XSS en varios componentes."}], "id": "CVE-2024-21726", "lastModified": "2025-06-02T14:41:33.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-29T01:44:03.897", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.sonarsource.com/blog/joomla-multiple-xss-vulnerabilities/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}