CVE-2024-40743

State: PUBLISHED · Published: 2024-08-20 · Updated: 2024-11-03 · Assigner: Joomla

Description

The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected

Joomla! Project / Joomla! CMS — v=3.0.0-3.10.16 [affected]; v=4.0.0-4.4.6 [affected]; v=5.0.0-5.1.2 [affected]

CVSS

References

Source

cvelistV5-main/cves/2024/40xxx/CVE-2024-40743.json