CVE-2025-54296 — A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discov... | CVE Daily

High CVSS 7.0

Overview

A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered.

CWE: CWE-79 Published: 2025-07-23T12:15:28.527

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.0 (HIGH)
Detected tags: joomla, stored_xss, xss (tag impact: MODERATE)

Recommended actions:

Sanitize stored input and enforce CSP.
Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags