- Description
- A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affected content.
- Source
- security@joomla.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 3.7
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
- Severity
- MEDIUM
- security@joomla.org
- CWE-79
- Hype score
- Not currently trending
CVE-2025-27754 Stored XSS Vulnerability in RSBlog! Component for Joomla 1.11.6 - 1.14.4 https://t.co/OLMdpRkG2p
@VulmonFeeds
5 Jun 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27754 A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript… https://t.co/EBy4pk2t8a
@CVEnew
5 Jun 2025
269 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rsjoomla:rsform\\!blog:*:*:*:*:*:joomla\\!:*:*",
"vulnerable": true,
"matchCriteriaId": "CCFB0DFE-ACBA-42D3-9A44-19D6B57E415E",
"versionEndIncluding": "1.14.4",
"versionStartIncluding": "1.11.6"
}
],
"operator": "OR"
}
]
}
]