Skip to main content

Rsfirewall EUVDEUVD-2026-15653

| CVE-2026-25341 HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-03-25 Patchstack GHSA-93j2-qhr6-j792
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Re-analysis Queued
Apr 24, 2026 - 16:37 vuln.today
cvss_changed
EUVD ID Assigned
Mar 25, 2026 - 16:47 euvd
EUVD-2026-15653
Analysis Generated
Mar 25, 2026 - 16:47 vuln.today
CVE Published
Mar 25, 2026 - 16:14 nvd
HIGH 7.1

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a through <= 1.1.45.

AnalysisAI

RSFirewall!, a security plugin for Joomla, contains a Stored Cross-Site Scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. The vulnerability affects RSFirewall! versions up to and including 1.1.45, enabling authenticated or unauthenticated attackers (depending on configuration) to store persistent XSS payloads that execute in the browsers of administrators and site visitors. No CVSS score, EPSS data, or KEV status is currently available, but the Patchstack report indicates active awareness of this vulnerability in the security community.

Technical ContextAI

This vulnerability is a Stored XSS flaw classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), which occurs when user-supplied input is not properly sanitized or escaped before being rendered in HTML context. RSFirewall! (CPE: cpe:2.3:a:rsjoomla!:rsfirewall!:*:*:*:*:*:*:*:*) is a Joomla! security extension responsible for firewall functionality, access control, and input filtering. The root cause involves inadequate input validation or output encoding in the plugin's code, allowing an attacker to bypass the firewall's own protections to inject JavaScript that persists in the database and executes whenever the affected page is loaded. The vulnerability likely exists in admin panels, configuration interfaces, or user-facing forms where the plugin processes and displays user input without sufficient HTML entity encoding or Content Security Policy enforcement.

RemediationAI

Immediately upgrade RSFirewall! to a version newer than 1.1.45; check the official RSJoomla! website or Joomla extension marketplace for the latest patched release. Until a patch is available or deployment is feasible, implement the following mitigations: enable a Web Application Firewall (WAF) with XSS filtering rules, enforce Content Security Policy (CSP) headers to restrict inline script execution, and disable or restrict user input to RSFirewall! admin panels to trusted administrators only. Additionally, sanitize and escape all user inputs at the application level by ensuring the plugin's developers have implemented proper output encoding (HTML entity encoding) for all dynamic content. Monitor the Patchstack advisory and RSJoomla! security announcements for patch availability. If running on WordPress (note: the reference URL mentions WordPress but RSFirewall! is primarily a Joomla extension), ensure the correct Joomla version of the plugin is deployed.

Share

EUVD-2026-15653 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy