CVE-2025-54476
Published 2025-09-30
CVE-2025-54476: Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.
Priority: P4 (22), medium, 4.8 (CVSS 4.0)
Vector: AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.29% (21.1th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla!_project | joomla!_cms | — | — |
| joomla!_project | joomla!_cms | — | — |
| joomla!_project | joomla!_cms | — | — |
| joomla | filter | >= 0 < 2.0.6 | 2.0.6 |
| joomla | filter | >= 3.0.0 < 3.0.5 | 3.0.5 |
| joomla | filter | >= 4.0.0 < 4.0.1 | 4.0.1 |
OSV
Joomla! CMS vulnerable to XSS via the input filter
osv·2025-09-30
CVE-2025-54476 [MEDIUM] Joomla! CMS vulnerable to XSS via the input filter
Improper handling of input could lead to a cross-site scripting (XSS) vector in the checkAttribute method of the input filter framework class.
GHSA
Joomla! CMS vulnerable to XSS via the input filter
ghsa·2025-09-30
CVE-2025-54476 [MEDIUM] CWE-79 Joomla! CMS vulnerable to XSS via the input filter
Improper handling of input could lead to a cross-site scripting (XSS) vector in the checkAttribute method of the input filter framework class.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-30: Published