CVE-2023-23754
[20230501] - Core - Open Redirect and XSS within the mfa select
CVSS 3.1: 6.1 (MEDIUM)
EPSS: 0.04%
Description
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.
How to fix CVE-2023-23754
To remediate CVE-2023-23754, upgrade the affected package to a fixed version below.
- Bitnami/joomla: upgrade to 4.3.2 or later
Is CVE-2023-23754 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Bitnami/joomla: >= 4.2.0, < 4.3.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |