CVE-2025-30084
BaseFortify
Publication date: 2025-06-05
Last updated on: 2025-08-13
Assigner: Joomla! Project
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rsjoomla | rsmail! | From 1.19.20 (inc) to 1.22.26 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stored Cross-Site Scripting (XSS) issue in the RSMail! component for Joomla, affecting RSMail! versions 1.19.20 through 1.22.26. It occurs because user input in the dashboard component is not properly sanitized before being stored and displayed. An attacker can inject malicious JavaScript code into input fields, and that code is then executed in the browsers of users who view the crafted content in the dashboard.
How can this vulnerability impact me?
The vulnerability can allow attackers to execute malicious scripts in the browsers of users who access the affected dashboard. This can lead to theft of sensitive information such as cookies or session tokens, unauthorized actions performed on behalf of users, or the spread of malware. It compromises the security and trustworthiness of the affected Joomla site.
What immediate steps should I take to mitigate this vulnerability?
Update the RSMail! component to version 1.22.27 or later, as this version includes fixes for XSS vulnerabilities including those related to creating list fields and other input sanitization issues. [1]