Joomla password reset vulnerability and a stored XSS for full compromise

Intro Joomla is one of the most popular CMS-es with over 1.5 million installations world-wide. We pentested Joomla 3.9.24 and found a password reset vulnerability which we chained with a set of vulnerabilities and features to achieve full compromise of the underlying server. Joomla has a strong OOP architecture and a large codebase. Strong input validation