What the vulnerability does
01Description
Improper validation leads to a generic XSS vector in the language override feature.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U
What the vulnerability does
Improper validation leads to a generic XSS vector in the language override feature.
Explanation of Vulnerability in Simple Terms
Joomla! CMS versions 3.0.0 through 5.4.6 contain a stored cross-site scripting (XSS) vulnerability. An authenticated administrator can inject malicious scripts that execute in other users' browsers when they view affected content. The vulnerability requires high-level privileges and user interaction to exploit, limiting its scope to administrative misuse or compromise.
What an attacker can do
Inject malicious scripts that run in other users' browsers when they view the affected content.
Potential impact on your site
A compromised admin account can inject persistent malicious code affecting all site visitors who view the targeted content.
Conditions required to exploit
Attacker must have administrator-level access to Joomla and the victim must view the affected page.
Key dates
External resources
Related vulnerabilities