Medium severityGHSA Advisory· Published Sep 30, 2025· Updated Apr 15, 2026
CVE-2025-54476
CVE-2025-54476
Description
Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
joomla/filterPackagist | >= 4.0.0, < 4.0.1 | 4.0.1 |
joomla/filterPackagist | >= 3.0.0, < 3.0.5 | 3.0.5 |
joomla/filterPackagist | < 2.0.6 | 2.0.6 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-fm22-g2q9-j3pwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-54476ghsaADVISORY
- developer.joomla.org/security-centre/1010-20250901-core-inadequate-content-filtering-within-the-checkattribute-filter-code.htmlnvdWEB
- github.com/joomla-framework/filter/commit/188dd3fccd6fa0532d105a52736affdf6b166217ghsaWEB
- github.com/joomla-framework/filter/commit/852c7e101c649500d3af58ffb8baf15d7c86d825ghsaWEB
- github.com/joomla-framework/filter/commit/fcde280785f188e93530f7da68102f7dd8f9f723ghsaWEB
News mentions
0No linked articles in our index yet.