Stored XSS Vulnerability in CommentBox for Joomla by FireCoders
CVE-2025-54298

9.4CRITICAL

Key Information:

Vendor: Firecoders.com
Status: Commentbox Component For Joomla
Vendor: CVE Published:; 28 July 2025

🔔 Create Firecoders.com Vulnerability Alert

What is CVE-2025-54298?

A stored cross-site scripting (XSS) vulnerability exists in the CommentBox component for Joomla versions 1.0.0 to 1.1.0. This flaw allows an attacker to inject malicious scripts into web pages viewed by other users, potentially compromising user data and website integrity. It is crucial for Joomla site administrators using the CommentBox component to apply necessary updates and security measures to safeguard against potential exploitation of this vulnerability.

Affected Version(s)

CommentBox component for Joomla 1.0.0-1.1.0

References

https://firecoders.com/

product

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Jul 18, 2025

Credit

Sebastian Jeż