CVE-2025-54299 CRITICAL

CVE-2025-54299: Extension - nobossextensions.com - Stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla

Vendor Nobossextensions.com
Product No Boss Testimonials component for Joomla
Weakness CWE-79 · XSS
Published July 28, 2025
Last update August 5, 2025

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

What the vulnerability does

01Description

A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.

Explanation of Vulnerability in Simple Terms

02Summary

The No Boss Testimonials component for Joomla versions 4.0.0 through 4.0.2 contains a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in the browsers of site visitors. The vulnerability requires user interaction—typically clicking a malicious link—but can affect both confidentiality and integrity of user sessions.

What an attacker can do

03Attacker Capabilities

Inject malicious scripts that run in visitors' browsers, stealing session cookies or modifying page content.

Potential impact on your site

04Site Impact

Visitor accounts and data at risk; attackers can steal credentials or deface content seen by your users.

Conditions required to exploit

05Prerequisites

Network access and user interaction (victim must click a malicious link or visit an attacker-controlled page).

Key dates

06Disclosure timeline

July 28, 2025 CVE published
August 5, 2025 Record updated

Related vulnerabilities

08Related CVE