CVE-2025-50056 MEDIUM

CVE-2025-50056: Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.28 for Joomla

Vendor Rsjoomla.com
Product RSMail! component for Joomla
Weakness CWE-79 · XSS
Published July 18, 2025
Last update July 20, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter.

Explanation of Vulnerability in Simple Terms

02Summary

RSMail! for Joomla contains a cross-site scripting (XSS) vulnerability in versions 1.19.20 through 1.22.28. An attacker can inject malicious scripts that execute in a user's browser when they interact with affected pages. The vulnerability requires user interaction to trigger. Update to a version newer than 1.22.28 to resolve this issue.

What an attacker can do

03Attacker Capabilities

Inject malicious scripts that run in users' browsers when they visit or interact with affected pages.

Potential impact on your site

04Site Impact

Attackers can steal session cookies, redirect users, or deface content visible to site visitors.

Conditions required to exploit

05Prerequisites

Network access to the Joomla site; victim must click a link or visit a page containing the injected script.

Key dates

06Disclosure timeline

July 18, 2025 CVE published
July 20, 2025 Record updated

Related vulnerabilities

08Related CVE