Joomla! CMS
Moderate fix2 remedies
cpe:2.3:a:joomla:joomla!:*:*:*:*:*:*:*
Moderate fix2 remedies
- >= 4.0.0, <= 5.4.1
- >= 6.0.0, <= 6.0.1
Joomla! CMS Cross-Site Scripting Vulnerability in HTML Filter for Data URLs
Vulnerability
Patched
A cross-site scripting (XSS) vulnerability has been identified in Joomla! CMS versions 4.0.0 prior to 5.4.1 and 6.0.0 prior to 6.0.1. This issue arises from inadequate input filtering in the HTML filter code, specifically concerning data URLs in image tags. The lack of proper validation creates an XSS vector that can be exploited.
Impact
Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Remediation
Users are advised to upgrade to Joomla! CMS version 5.4.2 or 6.0.2.
Added: Jan 6, 2026, 5:32 PM
Updated: Jan 6, 2026, 5:32 PM
Vulnerability Rating
Custom Algorithm
spread
7.6impact
1.7exploitability
4.7remediation
7.7relevance
1.9threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.