Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a through <= 1.1.45.
AnalysisAI
RSFirewall!, a security plugin for Joomla, contains a Stored Cross-Site Scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. The vulnerability affects RSFirewall! versions up to and including 1.1.45, enabling authenticated or unauthenticated attackers (depending on configuration) to store persistent XSS payloads that execute in the browsers of administrators and site visitors. No CVSS score, EPSS data, or KEV status is currently available, but the Patchstack report indicates active awareness of this vulnerability in the security community.
Technical ContextAI
This vulnerability is a Stored XSS flaw classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), which occurs when user-supplied input is not properly sanitized or escaped before being rendered in HTML context. RSFirewall! (CPE: cpe:2.3:a:rsjoomla!:rsfirewall!:*:*:*:*:*:*:*:*) is a Joomla! security extension responsible for firewall functionality, access control, and input filtering. The root cause involves inadequate input validation or output encoding in the plugin's code, allowing an attacker to bypass the firewall's own protections to inject JavaScript that persists in the database and executes whenever the affected page is loaded. The vulnerability likely exists in admin panels, configuration interfaces, or user-facing forms where the plugin processes and displays user input without sufficient HTML entity encoding or Content Security Policy enforcement.
RemediationAI
Immediately upgrade RSFirewall! to a version newer than 1.1.45; check the official RSJoomla! website or Joomla extension marketplace for the latest patched release. Until a patch is available or deployment is feasible, implement the following mitigations: enable a Web Application Firewall (WAF) with XSS filtering rules, enforce Content Security Policy (CSP) headers to restrict inline script execution, and disable or restrict user input to RSFirewall! admin panels to trusted administrators only. Additionally, sanitize and escape all user inputs at the application level by ensuring the plugin's developers have implemented proper output encoding (HTML entity encoding) for all dynamic content. Monitor the Patchstack advisory and RSJoomla! security announcements for patch availability. If running on WordPress (note: the reference URL mentions WordPress but RSFirewall! is primarily a Joomla extension), ensure the correct Joomla version of the plugin is deployed.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15653
GHSA-93j2-qhr6-j792