BIT-joomla-2023-23754

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/joomla/BIT-joomla-2023-23754.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-joomla-2023-23754

Aliases

CVE-2023-23754

Published

2025-04-03T14:16:03.188Z

Modified

2025-05-20T10:02:07.006Z

Summary

[20230501] - Core - Open Redirect and XSS within the mfa select

Details

An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.

Database specific

{
    "cpes": [
        "cpe:2.3:a:joomla:joomla!:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://developer.joomla.org/security-centre/899-20230501-core-open-redirects-and-xss-within-the-mfa-selection.html
https://nvd.nist.gov/vuln/detail/CVE-2023-23754

Affected packages

Bitnami / joomla

Package

Name: joomla
Purl: pkg:bitnami/joomla

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

4.2.0

Fixed

4.3.2