What the vulnerability does
01Description
A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or HTML via the jform[tags_text] parameter.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
What the vulnerability does
A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or HTML via the jform[tags_text] parameter.
Explanation of Vulnerability in Simple Terms
RSBlog! component for Joomla contains a cross-site scripting (XSS) vulnerability in versions 1.11.6 through 1.14.5. An authenticated user with low privileges can inject malicious scripts that execute in other users' browsers. The vulnerability requires no user interaction from the victim. Site administrators should update to a version newer than 1.14.5.
What an attacker can do
Inject malicious scripts that run in other users' browsers when they view affected pages.
Potential impact on your site
Authenticated attackers can steal session cookies, redirect users, or deface content visible to other site users.
Conditions required to exploit
Attacker must have a low-privilege Joomla user account; no victim interaction required.
Key dates
External resources
Related vulnerabilities