CVE-2025-63082

Medium CVSS: 5.9

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.

Vendor

Product

CWE

Yayın Tarihi

2026-01-06 17:15:44

Güncelleme

2026-01-30 18:41:18

Source Identifier

security@joomla.org

KEV Date Added

CWE-79 Joomla\! MEDIUM Joomla 2026

Medium

CVE-2025-63083

Lack of output escaping leads to a XSS vector in the pagebreak plugin.

Critical

CVE-2025-25226

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database packag…

High

CVE-2025-25227

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

Medium

CVE-2024-40747

Various module chromes didn't properly process inputs, leading to XSS vectors.

High

CVE-2024-40748

Lack of output escaping in the id attribute of menu lists.

High

CVE-2024-40749

Improper Access Controls allows access to protected views.