CVE-2024-21724 - Vulnerability Details - OpenCVE

Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Joomla	Joomla\!

Configuration 1 [-]

OR	cpe:2.3:a:joomla:joomla\!::::::::
	cpe:2.3:a:joomla:joomla\!::::::::
	cpe:2.3:a:joomla:joomla\!::::::::

No data.

References

Link	Providers
https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html

History

Fri, 14 Feb 2025 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Joomla Joomla joomla\!
CPEs		cpe:2.3:a:joomla:joomla\!::::::::
Vendors & Products		Joomla Joomla joomla\!
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Joomla

Published: 2024-02-20T16:22:56.838Z

Updated: 2024-08-02T04:33:59.883Z

Reserved: 2024-01-01T04:30:58.880Z

Link: CVE-2024-21724

Vulnrichment

Updated: 2024-08-01T22:27:36.037Z

NVD

Status : Analyzed

Published: 2024-02-29T01:44:03.773

Modified: 2025-02-14T17:24:52.837

Link: CVE-2024-21724

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21724", "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "state": "PUBLISHED", "assignerShortName": "Joomla", "dateReserved": "2024-01-01T04:30:58.880Z", "datePublished": "2024-02-20T16:22:56.838Z", "dateUpdated": "2024-08-02T04:33:59.883Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Joomla! CMS", "vendor": "Joomla! Project", "versions": [{"status": "affected", "version": "1.6.0-3.10.14"}, {"status": "affected", "version": "4.0.0-4.4.2"}, {"status": "affected", "version": "5.0.0-5.0.2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Dominik Ziegelm\u00fcller"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions."}], "value": "Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions."}], "impacts": [{"capecId": "CAPEC-18", "descriptions": [{"lang": "en", "value": "CAPEC-18 XSS Targeting Non-Script Elements"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "shortName": "Joomla", "dateUpdated": "2024-08-02T04:33:59.883Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html"}], "source": {"discovery": "UNKNOWN"}, "title": "[20240203] - Core - XSS in media selection fields", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21724", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-29T14:47:55.865463Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:37:38.088Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.037Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.037Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21724", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-29T14:47:55.865463Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:13.921Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "[20240203] - Core - XSS in media selection fields", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Dominik Ziegelm\u00fcller"}], "impacts": [{"capecId": "CAPEC-18", "descriptions": [{"lang": "en", "value": "CAPEC-18 XSS Targeting Non-Script Elements"}]}], "affected": [{"vendor": "Joomla! Project", "product": "Joomla! CMS", "versions": [{"status": "affected", "version": "1.6.0-3.10.14"}, {"status": "affected", "version": "4.0.0-4.4.2"}, {"status": "affected", "version": "5.0.0-5.0.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions.", "supportingMedia": [{"type": "text/html", "value": "Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "shortName": "Joomla", "dateUpdated": "2024-07-21T09:41:32.931Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21724", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:27:36.037Z", "dateReserved": "2024-01-01T04:30:58.880Z", "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "datePublished": "2024-02-20T16:22:56.838Z", "assignerShortName": "Joomla"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FE0CA04-2613-48B3-8CB3-E114E549F81D", "versionEndExcluding": "3.10.15", "versionStartIncluding": "1.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CE95A6B-EFBA-4A53-839A-E13864511CEB", "versionEndExcluding": "4.4.3", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "448756BA-E10C-4587-A54B-AD8B81EEF150", "versionEndExcluding": "5.0.3", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions."}, {"lang": "es", "value": "La validaci\u00f3n de entrada inadecuada para los campos de selecci\u00f3n de medios genera vulnerabilidades XSS en varias extensiones."}], "id": "CVE-2024-21724", "lastModified": "2025-02-14T17:24:52.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-29T01:44:03.773", "references": [{"source": "security@joomla.org", "tags": ["Vendor Advisory"], "url": "https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html"}], "sourceIdentifier": "security@joomla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@joomla.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}