Description
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
Remediation
References
Related Vulnerabilities
WordPress Plugin OAuth Single Sign On-SSO (OAuth Client) Cross-Site Scripting (6.20.2)
WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.0.2)
WordPress Plugin CIP4 Folder Download Widget Local File Inclusion (1.10)
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-33331)