CVE-2025-54296 HIGH

CVE-2025-54296: Extension - mooj.org - Stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla

Vendor Mooj.org
Product ProFiles component for Joomla
Weakness CWE-79 · XSS
Published July 23, 2025
Last update July 24, 2025

CVSS base score

7.0/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered.

Explanation of Vulnerability in Simple Terms

02Summary

The ProFiles component for Joomla contains a cross-site scripting (XSS) vulnerability that allows authenticated administrators to inject malicious scripts. An attacker with high-level privileges and user interaction can execute arbitrary JavaScript in the context of other users' browsers. This vulnerability requires network access and administrator credentials to exploit.

What an attacker can do

03Attacker Capabilities

Inject and execute malicious JavaScript code in other users' browsers.

Potential impact on your site

04Site Impact

Administrators with malicious intent can steal session tokens, modify site content, or compromise other admin accounts.

Conditions required to exploit

05Prerequisites

Administrator account access and user interaction (victim must visit a crafted page).

Key dates

06Disclosure timeline

July 23, 2025 CVE published
July 24, 2025 Record updated

Related vulnerabilities

08Related CVE