CVE-2025-27444 – RSform!Pro Joomla Reflected Cross-Site Scripting (XSS)

June 4, 2025

CVE ID : CVE-2025-27444

Published : June 4, 2025, 8:15 a.m. | 3 hours, 19 minutes ago

Description : A reflected XSS vulnerability in RSform!Pro component 3.0.0 – 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin or editor privileges to inject arbitrary JavaScript code by crafting a malicious URL.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-13967 – EIBPORT Web Server Configuration Page Authentication Bypass

Next Article Asus adviseert fabrieksreset voor verwijderen van SSH-backdoor

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

In MCP era API discoverability is now more important than ever

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

Multiple reports suggest a Persona 4 Remake from Atlus will be announced during the Xbox Games Showcase

TC39 advances numerous proposals at latest meeting

TC39 advances numerous proposals at latest meeting

TypeBridge – zero ceremony, compile time rpc for client and server com

Simplify Cloud-Native Development with Quarkus Extensions

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

CVE-2025-27444 – RSform!Pro Joomla Reflected Cross-Site Scripting (XSS)

Leadership, Trust, and Cyber Hygiene: NCSC’s Guide to Security Culture in Action

Critical Fortinet flaws now exploited in Qilin ransomware attacks

Critics slammed it, but A Minecraft Movie just broke a box office record

Playwright Cheatsheet: Quick Tips for Testers

I Love Lasagna and Latinas Shirt

Rilasciato Sublime Text 4 versione 4200

Random color Generator

PowerToys latest update focuses on fixes and new features for the Command Palette

Weaviate Researchers Introduce Function Calling for LLMs: Eliminating SQL Dependency to Improve Database Querying Accuracy and Efficiency

Vue.js 2 Tutorials (in 3 Parts)

CVE-2025-27444 – RSform!Pro Joomla Reflected Cross-Site Scripting (XSS)

Related Posts