Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

CVE-2025-49486: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in balbooa.com Balbooa Gallery component for Joomla

High
VulnerabilityCVE-2025-49486cvecve-2025-49486cwe-79
Published: Fri Jul 18 2025 (07/18/2025, 09:50:54 UTC)
Source: CVE Database V5
Vendor/Project: balbooa.com
Product: Balbooa Gallery component for Joomla

Description

A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items.

Technical Details

Data Version
5.1
Assigner Short Name
Joomla
Date Reserved
2025-06-05T13:21:31.503Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 687a1b67a83201eaacf1f467

Added to database: 7/18/2025, 10:01:11 AM

Last updated: 7/18/2025, 10:01:11 AM

Views: 1

Related Threats

CVE-2025-50126: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in rsjoomla.com RSBlog! component for Joomla

Medium
VulnerabilityFri Jul 18 2025

CVE-2025-50058: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in rsjoomla.com RSDirectory! component for Joomla

Medium
VulnerabilityFri Jul 18 2025

CVE-2025-50057: CWE-400 Uncontrolled Resource Consumption in rsjoomla.com RSFiles! component for Joomla

Medium
VulnerabilityFri Jul 18 2025

CVE-2025-50056: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in rsjoomla.com RSMail! component for Joomla

Medium
VulnerabilityFri Jul 18 2025

CVE-2025-49485: CWE-89: Improper Neutralization of Special Elements used in an SQL Command in balbooa.com Balbooa Forms component for Joomla

High
VulnerabilityFri Jul 18 2025

Actions

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats