CVE-2024-40747

Medium CVSS: 6.1

Various module chromes didn't properly process inputs, leading to XSS vectors.

Vendor

Product

CWE

Yayın Tarihi

2025-01-07 17:15:23

Güncelleme

2025-06-04 20:56:25

Source Identifier

security@joomla.org

KEV Date Added

CWE-79 Joomla\! MEDIUM Joomla 2025

https://developer.joomla.org/security-centre/954-20250101-core-xss-vectors-in-module-chromes.html

Medium

CVE-2025-63082

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.

Medium

CVE-2025-63083

Lack of output escaping leads to a XSS vector in the pagebreak plugin.

Critical

CVE-2025-25226

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database packag…

High

CVE-2025-25227

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

High

CVE-2024-40748

Lack of output escaping in the id attribute of menu lists.

High

CVE-2024-40749

Improper Access Controls allows access to protected views.