Joomla! has released security updates to address a cross-site scripting (XSS) vulnerability in multiple components of Joomla! content management system. For more information regarding the security update, please refer to the following link: Joomla! Security Centre.

Affected Systems:

• Joomla! CMS versions 3.7.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2.

Security Risks

A successful exploitation of the vulnerability could lead to remote arbitrary code execution and compromise the web application on the affected system.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

1. Upgrade, as soon as possible, to the latest version of installed software in order to continue receiving technical support and security patches.

The software versions released for upgrade are:

• Joomla! CMS versions: 3.10.15-elts, 4.4.3 or 5.0.3

2. Before performing any update tasks, ensure that you have a backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009

References

https://developer.joomla.org/security-centre.html

https://downloads.joomla.org/cms/joomla4/4-4-3