Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for rsmail\! by rsjoomla

    CVE-2025-30084 (GCVE-0-2025-30084)

    Vulnerability from nvd – Published: 2025-06-05 13:20 – Updated: 2025-06-14 04:36
    VLAI
    Title
    Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.26 for Joomla
    Summary
    A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://rsjoomla.com/ product
    Impacted products
    Credits
    Kamil Szczurowski Robert Kruczek
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30084",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-13T18:15:02.945887Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-13T18:15:33.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "com_rsmail",
              "product": "RSMail! component for Joomla",
              "vendor": "rsjoomla.com",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.19.20-1.22.26"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kamil Szczurowski"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Robert Kruczek"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard."
                }
              ],
              "value": "A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard  component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-14T04:36:30.353Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://rsjoomla.com/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.26 for Joomla",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2025-30084",
        "datePublished": "2025-06-05T13:20:36.856Z",
        "dateReserved": "2025-03-16T04:33:36.605Z",
        "dateUpdated": "2025-06-14T04:36:30.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-30084 (GCVE-0-2025-30084)

    Vulnerability from cvelistv5 – Published: 2025-06-05 13:20 – Updated: 2025-06-14 04:36
    VLAI
    Title
    Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.26 for Joomla
    Summary
    A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://rsjoomla.com/ product
    Impacted products
    Credits
    Kamil Szczurowski Robert Kruczek
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30084",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-13T18:15:02.945887Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-13T18:15:33.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "com_rsmail",
              "product": "RSMail! component for Joomla",
              "vendor": "rsjoomla.com",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.19.20-1.22.26"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kamil Szczurowski"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Robert Kruczek"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard."
                }
              ],
              "value": "A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard  component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-14T04:36:30.353Z",
            "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
            "shortName": "Joomla"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://rsjoomla.com/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.26 for Joomla",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "assignerShortName": "Joomla",
        "cveId": "CVE-2025-30084",
        "datePublished": "2025-06-05T13:20:36.856Z",
        "dateReserved": "2025-03-16T04:33:36.605Z",
        "dateUpdated": "2025-06-14T04:36:30.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }