CVE-2024-40748

CVE-2024-40748: [20250102] - Core - XSS vector in the id attribute of menu lists

Vendor Joomla! Project
Product Joomla! CMS
Weakness CWE-79 · XSS
Published January 7, 2025
Last update January 8, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

Lack of output escaping in the id attribute of menu lists.

Key dates

02Disclosure timeline

January 7, 2025 CVE published
January 8, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-6082 PHPVibe Global Options Page functionalities.global.php cross site scripting CVE-2023-48492 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2025-31093 WordPress RPS Include Content plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability CVE-2025-31621 WordPress byBrick Accordion plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-37278 WordPress Cards for Beaver Builder plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability