What the vulnerability does
01Description
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U
What the vulnerability does
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
Explanation of Vulnerability in Simple Terms
A cross-site scripting (XSS) vulnerability in Joomla! CMS versions 4.0.0 through 5.4.6 allows an authenticated administrator to inject malicious scripts that execute in other users' browsers. The vulnerability requires administrator privileges and user interaction (such as visiting a crafted page). An attacker with admin access can deface content or steal session data from site visitors.
What an attacker can do
Inject malicious JavaScript that runs in other users' browsers when they visit the site.
Potential impact on your site
An admin account compromise could allow an attacker to deface your site or steal visitor session tokens and credentials.
Conditions required to exploit
Attacker must have administrator-level access to Joomla and the victim must visit a page containing the injected script.
Key dates
External resources
Related vulnerabilities