Description
A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered.
References (2)
Core 2
Core References
Various Sources product
https://virtuemart.net/
Various Sources third-party-advisory
https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-55757
Scores
CVSS v3
6.1
EPSS
0.0002
EPSS Percentile
6.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
virtuemart.net/Virtuemart component for Joomla
1.0.0-4.4.10
Published
Oct 25, 2025
Tracked Since
Feb 18, 2026