CVE-2025-54300 HIGH

CVE-2025-54300: Extension - norrnext.com - Stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla

Vendor Norrnext.com
Product Quantum Mamanger component for Joomla
Weakness CWE-79 · XSS
Published August 25, 2025
Last update August 25, 2025

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

What the vulnerability does

01Description

A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.

Explanation of Vulnerability in Simple Terms

02Summary

The Quantum Manager component for Joomla contains a cross-site scripting (XSS) vulnerability that allows high-privilege users to inject malicious scripts. An attacker with administrator or manager access can craft input that executes JavaScript in other users' browsers, potentially compromising site security or stealing session data. Update to a patched version when available.

What an attacker can do

03Attacker Capabilities

Inject JavaScript that runs in other users' browsers, potentially stealing sessions or modifying site content.

Potential impact on your site

04Site Impact

A compromised admin or manager account can inject malicious scripts affecting all site visitors and other administrators.

Conditions required to exploit

05Prerequisites

Attacker must have high-level Joomla user privileges (administrator or manager role).

Key dates

06Disclosure timeline

August 25, 2025 CVE published
August 25, 2025 Record updated

Related vulnerabilities

08Related CVE