216.73.217.86

CVE-2025-27444

· Published 04/06/2025 08:15 · Modified 04/06/2025 14:54

Labels: CVE-2025-27444 2025-06-04CVE-2025-27444CWE-79[email protected]

Essential information

Published
04/06/2025 08:15
Modified
04/06/2025 14:54
Author
Creator
CVSS
4.8 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin or editor privileges to inject arbitrary JavaScript code by crafting a malicious URL.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
joomla / rsform pro cpe:2.3:a:joomla:rsform_pro:3.0.0-3.3.13:*:*:*:*:*:*:*

References