CVE-2021-23129: [20210303] - Core - XSS within alert messages showed to users
First published: Thu Mar 04 2021(Updated: )
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues.
Credit: security@joomla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joomla Joomla\! | >=2.5.0<3.9.25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-23129?
The severity of CVE-2021-23129 is medium.
What is the affected software for CVE-2021-23129?
The affected software for CVE-2021-23129 is Joomla! 2.5.0 through 3.9.24.
What is the CWE for CVE-2021-23129?
The CWE for CVE-2021-23129 is CWE-79 (Cross-site Scripting).
How can this vulnerability lead to XSS issues?
This vulnerability in Joomla! allows attackers to inject malicious scripts into alert messages shown to users, which can lead to cross-site scripting (XSS) issues.
Is there a fix available for CVE-2021-23129?
Yes, a fix is available for CVE-2021-23129. Joomla has released an update to address this vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/last-modified-date
- agent/title
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/joomla
- canonical/joomla joomla\!
- version/joomla joomla\!/2.5.0