A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
Link Providers
https://norrnext.com/
History

Mon, 25 Aug 2025 22:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Joomla; Joomla joomla; Joomla joomla!
Vendors & Products | | Joomla; Joomla joomla; Joomla joomla!

Mon, 25 Aug 2025 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 25 Aug 2025 07:15:00 +0000

Type | Values Removed | Values Added
Description | | A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.
Title | | Extension - norrnext.com - Stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla
Weaknesses | | CWE-79
References | |
Metrics | | cvssV4_0: {'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: Joomla

Published:

Updated: 2025-08-25T13:49:11.336Z

Reserved: 2025-07-18T09:52:23.346Z

Link: CVE-2025-54300

Vulnrichment

Updated: 2025-08-25T13:49:07.515Z

NVD

Status: Awaiting Analysis

Published: 2025-08-25T07:15:34.993

Modified: 2025-08-25T20:24:45.327

Link: CVE-2025-54300

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-08-25T22:08:14Z