Stored XSS Vulnerability in RSMail! Component for Joomla by RSJoomla
CVE-2025-30084

Currently unrated

Key Information:

Vendor: Rsjoomla.com
Status: Rsmail! Component For Joomla
Vendor: CVE Published:; 5 June 2025

🔔 Create Rsjoomla.com Vulnerability Alert

What is CVE-2025-30084?

A stored XSS vulnerability exists in the RSMail! component versions 1.19.20 through 1.22.26 for Joomla. This issue arises within the administrative dashboard, where inputs provided by users are inadequately sanitized before being stored. Malicious actors may exploit this vulnerability by injecting harmful JavaScript into text fields. When other users interact with these affected components, the injected script executes in their browsers, potentially leading to unauthorized actions or data leakage. It is crucial for Joomla site administrators using the RSMail! component to ensure their systems are updated to the latest versions and to implement security measures to mitigate such vulnerabilities.

Affected Version(s)

RSMail! component for Joomla 1.19.20-1.22.26

References

https://rsjoomla.com/

product

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2025
Vulnerability Reserved
Mar 16, 2025

Credit

Kamil Szczurowski

Robert Kruczek