Joomla! recently patched two cross-site scripting vulnerabilities that if left unrepaired could give a malicious actor higher permissions possibly allowing the targeted site to be taken over.
Fortinet said it had reported the issues to Joomla! earlier this year and the content management system provider patched them last week. The issues were CVE-2017-7985 and CVE-2017-7986 for Joomla! versions 1.5.0 through 3.6.5.
Fortinet encouraged Joomla! users, of which there are 78 million worldwide, to immediately update their software.