CVE-2024-40748
Description
Lack of output escaping in the id attribute of menu lists.
CWE
- CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected
- Joomla! Project / Joomla! CMS — v=3.0.0-3.10.19 [affected]; v=4.0.0-4.4.9 [affected]; v=5.0.0-5.2.2 [affected]
CVSS
- (none)
References
- https://developer.joomla.org/security-centre/955-20250102-core-xss-vector-in-the-id-attribute-of-menu-lists.html vendor-advisory
Source
cvelistV5-main/cves/2024/40xxx/CVE-2024-40748.json