Researchers identify two vulnerabilities in the Joomla content management system that can be chained together for complete compromise of the network. One of the identified vulnerabilities is a password reset flaw and the other is a cross-site scripting vulnerability that can lead to privilege escalation. Fortbridge says the company released patches for the vulnerabilities in May. A string of recent data breaches has been tied to such vulnerabilities, such as those in Tesla 3’s web browser, Accellion’s File Transfer Appliance and PayPal’s payment system.
Source: https://www.cuinfosecurity.com/joomla-content-system-vulnerable-to-multiple-flaws-a-16840