Remediation Steps

Follow the steps below to remediate this finding on Joomla.

  1. Joomla's Form API supports CSRF tokens: JHtml::_('form.token') emits the hidden token field in the form, and JSession::checkToken() validates it when the form is submitted.

  2. In your form template, add:

    <?php echo JHtml::_('form.token'); ?>

  3. In your controller, validate the token before processing the request:

    JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));

  4. For Joomla 4+, use the FormFactory service and ensure your controller extends BaseController to get token validation automatically.
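The steps above carried through for Joomla 4, as an added example that is not from this page or the Joomla project: a component controller that rejects any POST whose session token is missing or wrong before touching the submitted data. The component name (com_example), controller class, task name and the COM_EXAMPLE_SAVED language key are assumptions.

```php
<?php
// Added example, not Joomla's own code: a Joomla 4 controller for a hypothetical
// com_example whose form template emits the hidden token field with
//   <form method="post" ...> ... <?php echo HTMLHelper::_('form.token'); ?> ... </form>
// The task handler below refuses to act unless that token matches the session.
namespace Example\Component\Example\Site\Controller;

\defined('_JEXEC') or die;

use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\Controller\BaseController;
use Joomla\CMS\Router\Route;

class ExampleController extends BaseController
{
    /**
     * Handles index.php?option=com_example&task=example.save (assumed task name).
     */
    public function save()
    {
        // BaseController::checkToken($method, $redirect) compares the submitted token
        // with the session token. With the default $redirect = true an invalid token
        // enqueues JINVALID_TOKEN_NOTICE and redirects to the referrer, so nothing
        // below runs. Passing false lets the controller choose its own failure path.
        // 'post' only accepts the token from the POST body, so a forged GET link
        // cannot satisfy the check.
        if (!$this->checkToken('post', false)) {
            $this->setRedirect(
                Route::_('index.php?option=com_example&view=form', false),
                Text::_('JINVALID_TOKEN'),
                'error'
            );

            return false;
        }

        // Token verified: only now read the form data and hand it to the model.
        $data = $this->input->post->get('jform', [], 'array');
        // ... save $data through the component's model ...

        $this->setRedirect(
            Route::_('index.php?option=com_example&view=form', false),
            Text::_('COM_EXAMPLE_SAVED') // assumed language key
        );

        return true;
    }
}
```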