What the vulnerability does
01Description
Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
What the vulnerability does
Lack of output escaping leads to a XSS vector in the multilingual associations component.
Explanation of Vulnerability in Simple Terms
Joomla! CMS versions 4.0.0 through 5.4.5 contain a cross-site scripting (XSS) vulnerability that allows authenticated administrators to inject malicious scripts. An attacker with high-level privileges can craft input that executes in other users' browsers when they view affected pages. The vulnerability requires user interaction—the victim must visit a page containing the injected payload.
What an attacker can do
Inject malicious scripts that execute in other users' browsers when they view affected pages.
Potential impact on your site
A compromised admin account can inject scripts affecting other users; limit exposure by restricting admin access and monitoring for suspicious input.
Conditions required to exploit
Attacker must have high-level administrator privileges and the victim must visit a page with the injected payload.
Key dates
External resources
Related vulnerabilities