CVE-2025-63082
MEDIUMProduct - XSS
Title source: llmDescription
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
Scores
CVSS v3
6.1
EPSS
0.0001
EPSS Percentile
0.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
published
Affected Products (1)
joomla/joomla\!
< 5.4.2
Timeline
Published
Jan 06, 2026
Tracked Since
Feb 18, 2026