CVE-2023-23754

State: PUBLISHED · Published: 2023-05-30 · Updated: 2025-01-10 · Assigner: Joomla

Description

An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected

Joomla! Project / Joomla! CMS — v=4.2.0-4.3.1 [affected]

CVSS

(none)

References

https://developer.joomla.org/security-centre/899-20230501-core-open-redirects-and-xss-within-the-mfa-selection.html vendor-advisory

Source

cvelistV5-main/cves/2023/23xxx/CVE-2023-23754.json