Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
| Vendor | Product | Versions |
|---|---|---|
| joomla | joomla | 4.0.0-5.4.6, 6.0.0-6.1.1 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| open source | joomla | cert_advisory | 90% |
Updated severity to HIGH, added CVSS estimate of 7.5, and marked the vulnerability as actively exploited.
Initial creation