CVE-2025-54299 — A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0... | CVE Daily

Critical CVSS 9.4

Overview

A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.

CWE: CWE-79 Published: 2025-07-28T18:15:27.113

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.4 (CRITICAL)
Detected tags: joomla, stored_xss, xss (tag impact: MODERATE)

Recommended actions:

Sanitize stored input and enforce CSP.
Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags