Fortinet Discovers Joomla Proclaim Extension Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a Cross-Site Scripting (XSS) vulnerability in Joomla Proclaim (formerly known as Joomla Bible Study) Extension.
Proclaim is a Joomla system of a component, modules, and plugins designed to help church put study or sermon notes online and connect to a multitude of media content.
A XSS vulnerability has been discovered in Proclaim before version 9.2.8. The vulnerability is caused due to less protection in the media file upload process. It allows remote privileged attackers to launch XSS attack against Joomla users.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Jun 02, 2021
Upgrade to Proclaim v9.2.8 or higher version.
Fortinet reported the vulnerability to Proclaim development team on June 2, 2021.
Proclaim development team confirmed the vulnerability on June 2, 2021.
Proclaim development team patched the vulnerability on June 2, 2021.