CVE-2025-50126 MEDIUM

CVE-2025-50126: Extension - rsjoomla.com - Stored XSS vulnerability RSBlog! component 1.11.6-1.14.5 for Joomla

Vendor Rsjoomla.com
Product RSBlog! component for Joomla
Weakness CWE-79 · XSS
Published July 18, 2025
Last update July 23, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or HTML via the jform[tags_text] parameter.

Explanation of Vulnerability in Simple Terms

02Summary

RSBlog! component for Joomla contains a cross-site scripting (XSS) vulnerability in versions 1.11.6 through 1.14.5. An authenticated user with low privileges can inject malicious scripts that execute in other users' browsers. The vulnerability requires no user interaction from the victim. Site administrators should update to a version newer than 1.14.5.

What an attacker can do

03Attacker Capabilities

Inject malicious scripts that run in other users' browsers when they view affected pages.

Potential impact on your site

04Site Impact

Authenticated attackers can steal session cookies, redirect users, or deface content visible to other site users.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege Joomla user account; no victim interaction required.

Key dates

06Disclosure timeline

July 18, 2025 CVE published
July 23, 2025 Record updated

Related vulnerabilities

08Related CVE