CVE-2025-54297 HIGH

CVE-2025-54297: Extension - compojoom.com - Stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla

Vendor Compojoom.com
Product CComment component for Joomla
Weakness CWE-79 · XSS
Published July 23, 2025
Last update July 24, 2025

CVSS base score

7.0/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered.

Explanation of Vulnerability in Simple Terms

02Summary

The CComment component for Joomla contains a cross-site scripting (XSS) vulnerability in versions 5.0.0 through 6.1.14. An authenticated administrator with high privileges can inject malicious scripts that execute in other users' browsers when they view affected pages. This requires the attacker to have admin-level access and the victim to interact with the injected content.

What an attacker can do

03Attacker Capabilities

Inject malicious scripts that run in other users' browsers when they view affected pages.

Potential impact on your site

04Site Impact

A compromised admin account can inject scripts affecting other users; limit admin access and monitor for unauthorized script injection.

Conditions required to exploit

05Prerequisites

Attacker must have high-level administrator privileges and the victim must view a page containing the injected script.

Key dates

06Disclosure timeline

July 23, 2025 CVE published
July 24, 2025 Record updated

Related vulnerabilities

08Related CVE