CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-40748: [20250102] - Core - XSS vector in the id attribute of menu lists

Description

Lack of output escaping in the id attribute of menu lists.

Classification

CVE ID: CVE-2024-40748

Affected Products

Vendor: Joomla! Project

Product: Joomla! CMS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.49% (scored less or equal to compared to others)

EPSS Date: 2025-02-05 (when was this score calculated)

References

https://developer.joomla.org/security-centre/955-20250102-core-xss-vector-in-the-id-attribute-of-menu-lists.html

Timeline