Various module chromes didn't properly process inputs, leading to XSS vectors.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 04 Jun 2025 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Joomla
Joomla joomla\!
CPEs cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
Vendors & Products Joomla
Joomla joomla\!

Tue, 07 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 07 Jan 2025 16:30:00 +0000

Type Values Removed Values Added
Description Various module chromes didn't properly process inputs, leading to XSS vectors.
Title [20250101] - Core - XSS vectors in module chromes
Weaknesses CWE-79
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Joomla

Published:

Updated: 2025-01-07T16:57:51.461Z

Reserved: 2024-07-09T16:16:21.865Z

Link: CVE-2024-40747

cve-icon Vulnrichment

Updated: 2025-01-07T16:57:41.651Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-07T17:15:23.430

Modified: 2025-06-04T20:56:25.670

Link: CVE-2024-40747

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.