CVE-2025-54476: Joomla! CMS vulnerable to XSS via the input filter
Improper handling of input could lead to a cross-site scripting (XSS) vector in the checkAttribute method of the input filter framework class.
References
- developer.joomla.org/security-centre/1010-20250901-core-inadequate-content-filtering-within-the-checkattribute-filter-code.html
- github.com/advisories/GHSA-fm22-g2q9-j3pw
- github.com/joomla-framework/filter/commit/188dd3fccd6fa0532d105a52736affdf6b166217
- github.com/joomla-framework/filter/commit/852c7e101c649500d3af58ffb8baf15d7c86d825
- github.com/joomla-framework/filter/commit/fcde280785f188e93530f7da68102f7dd8f9f723
- github.com/joomla/joomla-cms
- nvd.nist.gov/vuln/detail/CVE-2025-54476