Vulnerability in Joomla! Project Cms

CVE-2021-23124

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.

EPSS: 0.809 (99.6th percentile) — read the EPSS interpretation.

Affected products

Joomla! Project Cms — versions 3.9.0-3.9.23

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

developer.joomla.org/security-centre/837-20210102-core-xss-in-mod-breadcrumbs-a… (x_refsource_MISC, vendor-advisory)

Frequently asked questions

What is CVE-2021-23124?: CVE-2021-23124 is a vulnerability in Joomla! Project Cms. Published 2021-01-12.
Is CVE-2021-23124 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.