What the vulnerability does
01Description
A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component.
Explanation of Vulnerability in Simple Terms
02Summary
RSDirectory! for Joomla contains a cross-site scripting (XSS) vulnerability in versions up to 2.2.8. An attacker with high-level privileges can inject malicious scripts that execute in the browsers of other users viewing the component. The vulnerability requires administrative or elevated access to exploit.
What an attacker can do
03Attacker Capabilities
Inject malicious scripts that run in other users' browsers when they view the component.
Potential impact on your site
04Site Impact
A compromised admin account could inject scripts affecting other administrators or users, potentially stealing session tokens or modifying site content.
Conditions required to exploit
05Prerequisites
Attacker must have high-level privileges (admin or manager role) in the Joomla installation.
Key dates
06Disclosure timeline
July 18, 2025
CVE published
July 20, 2025
Record updated