A cross-site scripting (XSS) vulnerability exists in Joomla due to a lack of output escaping for article titles. Attackers can inject malicious scripts through crafted article titles, potentially compromising user accounts or manipulating site content. The vulnerability affects Joomla versions 6.0.0 through 6.0.3. No official patch is currently available.
EPSS: 0.02% (5th percentile)
Update Joomla! to the latest available version. This will fix the XSS (Cross-Site Scripting) vulnerabilities in article titles.
It’s an XSS vulnerability in Joomla caused by missing output escaping for article titles.
If you are using Joomla versions 6.0.0 through 6.0.3, you are potentially vulnerable.
No official patch is currently available. Implement proper output encoding as a temporary mitigation.
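What output encoding of an article title looks like in PHP, as an added example that is not Joomla core code or code from this advisory. The function names and sample titles are hypothetical and constructed, and the page does not name the affected template file, so the rendering functions stand in for whatever layout prints the title.

```php
<?php
declare(strict_types=1);

// Added example, not Joomla core code. All function names are hypothetical.

/** The flawed pattern: the stored title is written into the page as-is. */
function render_title_unescaped(string $title): string
{
    return '<h2 class="article-title">' . $title . '</h2>';
}

/** Encode a value for HTML text and quoted-attribute contexts. */
function escape_html(string $value): string
{
    // ENT_QUOTES encodes both quote characters, so the result is also safe
    // inside a quoted attribute. ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string for the whole title.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** The mitigated pattern: encode once, at the point of output. */
function render_title_escaped(string $title): string
{
    $safe = escape_html($title);
    // The title appears as element text and inside a quoted attribute.
    return '<h2 class="article-title" title="' . $safe . '">' . $safe . '</h2>';
}

// Constructed sample titles: plain text, text with quotes, text with markup.
$titles = [
    'Release notes for Q3',
    'Tom & Jerry\'s "guide"',
    '<em onclick="x">markup</em> in a title',
];

foreach ($titles as $title) {
    $safe = escape_html($title);
    // After encoding, no character that can open a tag or close an
    // attribute value may remain in the title.
    if (preg_match('/[<>"\']/', $safe) === 1) {
        throw new RuntimeException('title still contains markup characters');
    }
    echo 'raw:     ', render_title_unescaped($title), PHP_EOL;
    echo 'encoded: ', render_title_escaped($title), PHP_EOL, PHP_EOL;
}
```

Encoding belongs at output time rather than on save, so titles already stored in the database are covered as well.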