CVE-2025-27754

CVE-2025-27754: Extension - rsjoomla.com - A stored XSS vulnerability RSBlog! component 1.11.6 - 1.14.4 for Joomla

Vendor Rsjoomla.com

Product RSBlog component for Joomla

Weakness CWE-79 · XSS

Published June 5, 2025

Last update June 8, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affected content.

Key dates

Disclosure timeline

June 5, 2025 CVE published

June 8, 2025 Record updated