CVE-2025-54298 — A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was di... | CVE Daily

Critical CVSS 9.4

Overview

A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.

CWE: CWE-79 Published: 2025-07-28T18:15:26.913

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.4 (CRITICAL)
Detected tags: joomla, stored_xss, xss (tag impact: MODERATE)

Recommended actions:

Sanitize stored input and enforce CSP.
Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags