Developer Network™

Download
Launch

Security Announcements

[20250901] - Core - Inadequate content filtering within the checkAttribute filter code

  • Project: Joomla! / Joomla! Framework
  • SubProject: CMS / filter
  • Impact: Moderate
  • Severity: Moderate
  • Probability: Moderate
  • Versions: 3.0.0-3.10.20-elts, 4.0.0-4.4.13, 5.0.0-5.3.3
  • Exploit type: XSS
  • Reported Date: 2025-08-03
  • Fixed Date: 2025-09-30
  • CVE Number: CVE-2025-54476

Description

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.

Affected Installs

Joomla! CMS versions 3.0.0-3.10.20-elts, 4.0.0-4.4.13, 5.0.0-5.3.3

Solution

Upgrade to version 4.4.14 or 5.3.4

Contact

The JSST at the Joomla! Security Centre.

Reported By:  Flydragon, Poi, Cwy, Xtrimi