CVE-2025-54476 — Cross-site Scripting in Joomla Filter

Severity

4.8MEDIUMNVD

EPSS

0.1%

top 84.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedSep 30

Description

Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

▶Packagistjoomla/filter4.0.0 — 4.0.1+2

▶CVEListV5joomla!_project/joomla!_cms3.0.0-3.10.20, 4.0.0-4.4.13, 5.0.0-5.3.3+2

CVEList

Joomla! Core - [20250901] Inadequate content filtering within the checkAttribute filter code↗2025-09-30

▶

OSV

Joomla! CMS vulnerable to XSS via the input filter↗2025-09-30

▶

GHSA

Joomla! CMS vulnerable to XSS via the input filter↗2025-09-30

▶