CVE-2025-30084 is a stored Cross-Site Scripting (XSS) vulnerability identified in the RSMail! component versions 1.19.20 through 1.22.26 for the Joomla content management system. This vulnerability arises due to improper neutralization of user-supplied input within the dashboard component of RSMail!, where input fields do not adequately sanitize or encode data before storing and rendering it. An attacker can exploit this flaw by injecting malicious JavaScript code into text fields or other input vectors that are saved in the backend. When legitimate users access the dashboard and interact with the crafted input, the malicious script executes in their browsers. This can lead to session hijacking, credential theft, unauthorized actions on behalf of the user, or further malware delivery. The vulnerability has a CVSS v3.1 base score of 6.1, indicating a medium severity level. The attack vector is network-based with low attack complexity, requiring no privileges but does require user interaction (clicking the crafted text). The scope is changed, meaning the vulnerability affects components beyond the initially vulnerable module, potentially impacting other parts of the Joomla installation. No known public exploits have been reported yet, and no patches are currently linked, suggesting that mitigation relies on vendor updates or manual input sanitization. The vulnerability is classified under CWE-79, which is a common and well-understood web application security issue related to improper input validation and output encoding.

For European organizations using Joomla with the RSMail! component, this vulnerability poses a significant risk to the confidentiality and integrity of user sessions and data. Since Joomla is widely used in Europe for websites ranging from SMEs to public sector portals, exploitation could lead to unauthorized access to sensitive information, defacement of websites, or distribution of malware to site visitors. The stored nature of the XSS means that once injected, the malicious payload persists and can affect multiple users, increasing the attack surface. This is particularly concerning for organizations handling personal data under GDPR, as exploitation could result in data breaches and regulatory penalties. Additionally, compromised administrative dashboards could allow attackers to escalate privileges or pivot to other internal systems. The medium severity score reflects that while availability is not directly impacted, the potential for data leakage and user impersonation is notable. The requirement for user interaction (clicking the malicious content) somewhat limits the ease of exploitation but does not eliminate the risk, especially in environments where multiple users access the dashboard regularly.

European organizations should prioritize updating the RSMail! component to a version where this vulnerability is patched once available. Until an official patch is released, administrators should implement strict input validation and output encoding on all user-supplied data within the dashboard, potentially through custom Joomla plugins or web application firewalls (WAFs) that can detect and block malicious scripts. Restricting dashboard access to trusted IP ranges and enforcing multi-factor authentication can reduce the risk of exploitation. Regular security audits and code reviews of custom Joomla extensions should be conducted to identify similar issues. Additionally, educating users about the risks of clicking untrusted content within administrative interfaces can help mitigate social engineering aspects. Monitoring logs for unusual input patterns or script injections and employing Content Security Policy (CSP) headers can further reduce the impact of any successful injection. Backup and incident response plans should be updated to quickly remediate any compromise stemming from this vulnerability.