CVE-2025-63083

Medium CVSS: 5.9

Lack of output escaping leads to a XSS vector in the pagebreak plugin.

Vendor

Product

CWE

Yayın Tarihi

2026-01-06 17:15:44

Güncelleme

2026-01-30 18:41:36

Source Identifier

security@joomla.org

KEV Date Added

CWE-79 Joomla\! MEDIUM Joomla 2026

https://developer.joomla.org/security-centre/1017-20260102-core-xss-vector-in-the-pagebreak-plugin.html

Medium

CVE-2025-63082

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.

Critical

CVE-2025-25226

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database packag…

High

CVE-2025-25227

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

Medium

CVE-2024-40747

Various module chromes didn't properly process inputs, leading to XSS vectors.

High

CVE-2024-40748

Lack of output escaping in the id attribute of menu lists.

High

CVE-2024-40749

Improper Access Controls allows access to protected views.