CVE-2024-40748Cross-site Scripting in Joomla !

CWE-79Cross-site Scripting3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 97.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Joomla !Joomla! Project Joomla! CMS
Timeline
PublishedJan 7

Description

Lack of output escaping in the id attribute of menu lists.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDjoomla/joomla_!3.9.03.10.20+2
CVEListV5joomla!_project/joomla!_cms3.0.0-3.10.19, 4.0.0-4.4.9, 5.0.0-5.2.2+2

🔴Vulnerability Details

2
CVEList
[20250102] - Core - XSS vector in the id attribute of menu lists2025-01-07
GHSA
GHSA-5wmg-fqv9-w9qf: Lack of output escaping in the id attribute of menu lists2025-01-07
CVE-2024-40748 — Cross-site Scripting in Joomla ! | cvebase