Stored XSS Issue in ProFiles Component for Joomla
CVE-2025-54296

7HIGH

Key Information:

Vendor: Mooj.org
Status: Profiles Component For Joomla
Vendor: CVE Published:; 23 July 2025

What is CVE-2025-54296?

A stored cross-site scripting (XSS) vulnerability has been identified in versions 1.0 to 1.5.0 of the ProFiles component for Joomla. This security flaw allows attackers to inject malicious scripts into web pages viewed by other users, enabling unauthorized actions and potential data exposure. It is crucial for Joomla users to apply patches and updates to safeguard their installations against such vulnerabilities.

Affected Version(s)

ProFiles component for Joomla 1.0-1.5.0

References

https://mooj.org/

product

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Jul 18, 2025

Credit

Sebastian Jeż

Mooj.org

What is CVE-2025-54296?

Affected Version(s)

References

CVSS V4

Timeline

Credit