CVE-2025-63082 MEDIUM

CVE-2025-63082: Joomla! Core - [20260101] - Inadequate content filtering for data URLs

Vendor Joomla! Project

Product Joomla! CMS

Weakness CWE-79 · XSS

Published January 6, 2026

Last update January 6, 2026

CVSS base score

5.9/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U

What the vulnerability does

Description

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.

Key dates

January 6, 2026 CVE published

January 6, 2026 Record updated

CVE CVE-2025-63082

CWE CWE-79

CVSS 5.9 / MEDIUM

Vendor Joomla! Project

Product Joomla! CMS

Affected 4.0.0-5.4.1

Vendor Joomla! Project

Product Joomla! CMS

Affected 6.0.0-6.0.1