CVE-2025-54476
published 2025-09-30

CVE-2025-54476: Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.

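Priority: P422
Severity: medium, 4.8 (CVSS 4.0)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.29% (21.1th percentile)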

Affected (6 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla!_project | joomla!_cms | | |
| joomla!_project | joomla!_cms | | |
| joomla!_project | joomla!_cms | | |
| joomla | filter | >= 0 < 2.0.6 | 2.0.6 |
| joomla | filter | >= 3.0.0 < 3.0.5 | 3.0.5 |
| joomla | filter | >= 4.0.0 < 4.0.1 | 4.0.1 |