Zero Day Monitor
ZDM
Dashboard
Vulnerabilities
Trending
Zero-Days
News
Login
CVE-2025-63083: Lack of output escaping leads to a XSS vector in the pagebreak plugin. — Zero Day Monitor
← Back to list
6.1
CVE-2025-63083
PATCHED
joomla · joomla\!
Lack of output escaping leads to a XSS vector in the pagebreak plugin.
Description
Lack of output escaping leads to a XSS vector in the pagebreak plugin.
Affected Products
Vendor
Product
Versions
joomla
joomla\!
< 5.4.2, < 6.0.2
References
https://developer.joomla.org/security-centre/1017-20260102-core-xss-vector-in-the-pagebreak-plugin.html
(Vendor Advisory)
CVSS 3.1
6.1
MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA KEV
❌ No
Actively exploited
❌ No
Patch available
5.4.2
6.0.2
CWE
CWE-79
Published
Jan 6, 2026
Last enriched
5d ago
Trending Score
0
Source articles
0
Independent
0
Info Completeness
8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack
Community Vote
0
Login to vote
0 upvotes
0 downvotes
No votes yet
Related CVEs (2)
HIGH
PRE-CVE
Multiple Vulnerabilities in Joomla CMS Allow Security Bypass, SQL Injection, and Cross-Site Scripting
Trending: 27
MEDIUM
CVE-2025-63082
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
Pin to Dashboard
Verification
State:
verified
Confidence:
100%
Vulnerability Timeline
CVE Published
Jan 6, 2026
Patch Available
Jan 30, 2026
Discovered by ZDM
Mar 26, 2026
