MEDIUM🇬🇧 English

CVE-2025-27754

CVSS 6.5v3.1pub. 2025-06-05upd. 2025-06-16

A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affected content.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
  • Rsjoomla Rsform\!blog

    APP
    Rsjoomla
    1.11.6 – 1.14.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2021-4226CRITICAL9.8ten sam vendor

RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possibl...

CVE-2025-30084MEDIUM6.1ten sam vendor

A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs ...

CVE-2025-27444MEDIUM4.8ten sam vendor

A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue aris...

CVE-2010-2464MEDIUM4.3ten sam vendor

Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 f...