CVE-2024-40748 | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2024-40748

Lack of output escaping in the id attribute of menu lists.

Published: Jan 7, 2025
Updated: May 4, 2025
CVE: CVE-2024-40748
Exploit:

No technical information available.

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
Joomla / joomla	4.0.0	4.4.10
Joomla / joomla	5.0.0	5.2.3
Joomla / joomla	3.9.0	3.10.20

https://developer.joomla.org/security-centre/955-20250102-core-xss-vector-in-the-id-attribute-of-menu-lists.html