=====================================================================
                            CERT-Renater

                 Information Note No. 2023/VULN490
_____________________________________________________________________

DATE                : 29/11/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Joomla! versions prior to 4.3.2.

=====================================================================
https://developer.joomla.org/security-centre/899-20230501-core-open-redirects-and-xss-within-the-mfa-selection.html
_____________________________________________________________________

[20230501] - Core - Open Redirects and XSS within the mfa selection

    Project: Joomla!
    SubProject: CMS
    Impact: Low
    Severity: Low
    Probability: Low
    Versions: 4.2.0-4.3.1
    Exploit type: Open Redirect / XSS
    Reported Date: 2023-02-28
    Fixed Date: 2023-05-28
    CVE Number: CVE-2023-23754

Description

Lack of input validation caused an open redirect and XSS issue within
the new mfa selection screen.

Affected Installs

Joomla! CMS versions 4.2.0-4.3.1

Solution

Upgrade to version 4.3.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Srpopty from huntr.dev

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================