According to its self-reported version, the instance of Joomla! running on the remote web server is 1.5.x prior to 4.4.3 or 5.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities.
An insufficient session expiration in MFA management views. (CVE-2024-21722)
An open redirect in installation application. (CVE-2024-21723)
A Cross-Site Scripting (XSS) in media selection fields. (CVE-2024-21724)
A Cross-Site Scripting (XSS) in mail address outputs. (CVE-2024-21725)
An inadequate content filtering within the filter code. (CVE-2024-21726)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21722
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21723
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21724
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21725
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21726
developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html
developer.joomla.org/security-centre/926-20240202-core-open-redirect-in-installation-application.html
developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html
developer.joomla.org/security-centre/928-20240204-core-xss-in-mail-address-outputs.html
developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html
www.joomla.org/announcements/release-news/5904-joomla-5-0-3-and-4-4-3-security-and-bug-fix-release.html