CVE-2025-49486 — A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla ... | CVE Daily

High CVSS 8.6

Overview

A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items.

CWE: CWE-79 Published: 2025-07-18T10:15:33.867

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.6 (HIGH)
Detected tags: joomla, stored_xss, xss (tag impact: MODERATE)

Recommended actions:

Sanitize stored input and enforce CSP.
Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags