Severity by source
AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affected content.
Analysis
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affected content.
Technical ContextAI
Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding.
RemediationAI
Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.
SQL injection vulnerability in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public explo
SQL injection vulnerability in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla!. Rated
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla!. Rated
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.p
SQL injection vulnerability in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low
administrator/components/com_media/helpers/media.php in the media manager in Joomla!. Rated medium severity (CVSS 6.8),
Akeeba Restore (restore.php), as used in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploit
SQL injection vulnerability in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low
In Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required,
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17001