Joomla, Stored XSS, CVE-2025-27754 (Critical)

How the CVE Works

CVE-2025-27754 is a stored Cross-Site Scripting (XSS) vulnerability in the RSBlog! component (versions 1.11.6 to 1.14.4) for Joomla. Authenticated attackers can inject malicious JavaScript into the component's user-editable fields, such as blog posts or comments. The payload persists in the database and executes when other users view the compromised content, enabling session hijacking, defacement, or malware distribution. The vulnerability stems from improper sanitization of user-supplied data before it is rendered in the browser.

DailyCVE Form

Platform: Joomla
Version: 1.11.6 – 1.14.4
Vulnerability: Stored XSS
Severity: Critical
Date: 06/16/2025

Prediction: Patch by 07/10/2025

What Undercode Says

Check RSBlog! version:
grep -r "RSBlog!" /var/www/html/
Exploit PoC (sanitized):
curl -X POST -d "content=<script>alert(1)</script>" http://victim.site/rsblog/submit
Mitigation (temporary; strips script elements already stored, does not fix the root cause):
UPDATE jos_rsblog SET content = REGEXP_REPLACE(content, '<script.*?>.*?</script>', '');

How the Exploit Works

  • Authenticated attacker injects malicious script via RSBlog! input fields.
  • Payload triggers when admin or user views the compromised resource.
  • Steals sessions, redirects, or executes arbitrary actions.

Protection from this CVE

  • Update RSBlog! to a patched version later than 1.14.4.
  • Apply Joomla’s Content Security Policy (CSP).
  • Sanitize user inputs with HTMLPurifier.
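As an added example (not code from DailyCVE, Undercode, or the RSBlog! project), the following Python scans exported content rows for markup that would execute if echoed unescaped, so an administrator can find already-stored payloads that a plain regex strip would miss, and shows the output encoding that keeps a stored payload from running. The row layout, table fields and sample values are constructed for the example.

```python
import html
from html.parser import HTMLParser

# Constructed sample rows standing in for exported RSBlog! fields; not real site data.
SAMPLE_ROWS = [
    {"id": 1, "field": "content", "value": "<p>Welcome to the blog.</p>"},
    {"id": 2, "field": "comment", "value": "Nice post <script>alert(1)</script>"},
    {"id": 3, "field": "comment", "value": '<img src="x" onerror="alert(1)">'},
    {"id": 4, "field": "content", "value": '<a href="javascript:alert(1)">click</a>'},
    {"id": 5, "field": "comment", "value": '<SCRIPT type="text/javascript">alert(1)</SCRIPT>'},
]


class StoredXssScanner(HTMLParser):
    """Records markup that would execute if the stored value were echoed unescaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <SCRIPT> is caught too.
        if tag == "script":
            self.findings.append("script tag")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler attribute {name}")
            elif name in ("href", "src") and value and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name}")


def scan_value(value):
    """Return the list of findings for one stored field value."""
    scanner = StoredXssScanner()
    scanner.feed(value)
    scanner.close()
    return scanner.findings


def scan_rows(rows):
    """Return (id, field, finding) for every suspicious stored row."""
    return [(row["id"], row["field"], f) for row in rows for f in scan_value(row["value"])]


def escape_for_output(value):
    """Output encoding for plain-text fields: the browser shows the payload as text, not code."""
    return html.escape(value, quote=True)
```

Rich-text fields that must keep some HTML need an allow-list sanitizer such as HTMLPurifier instead of escaping; run the scanner against a database export before and after the cleanup to confirm nothing executable remains.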

Impact

  • Unauthorized admin access.
  • Data theft via session cookies.
  • Site compromise chain attacks.

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
