Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN018
_____________________________________________________________________

DATE                : 12/01/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Joomla! CMS versions prior to
                                   5.4.2, 6.0.2.

=====================================================================
https://developer.joomla.org/security-centre/1017-20260102-core-xss-vector-in-the-pagebreak-plugin.html
https://developer.joomla.org/security-centre/1016-20260101-core-inadequate-content-filtering-for-data-urls.html
_____________________________________________________________________


Security Announcements
[20260102] - Core - XSS vectors in the pagebreak and pagenavigation
plugins

    Project: Joomla!
    SubProject: CMS
    Impact: Moderate
    Severity: Moderate
    Probability: Low
    Versions: 3.9.0-5.4.1, 6.0.0-6.0.1
    Exploit type: XSS
    Reported Date: 2025-09-29
    Fixed Date: 2026-01-06
    CVE Number: CVE-2025-63083

Description
Lack of output escaping leads to a XSS vector in the pagebreak and
pagenavigation plugins.


Affected Installs

Joomla! CMS versions 3.9.0-5.4.1, 6.0.0-6.0.1


Solution

Upgrade to version 5.4.2 or 6.0.2


Contact

The JSST at the Joomla! Security Centre.
Reported By:  peterhulst

_____________________________________________________________________


Security Announcements
[20260101] - Core - Inadequate content filtering for data URLs

    Project: Joomla!
    SubProject: CMS
    Impact: Moderate
    Severity: Moderate
    Probability: Low
    Versions: 4.0.0-5.4.1, 6.0.0-6.0.1
    Exploit type: XSS
    Reported Date: 2025-11-14
    Fixed Date: 2026-01-06
    CVE Number: CVE-2025-63082

Description
Lack of input filtering leads to an XSS vector in the HTML filter code
related to data URLs in img tags.


Affected Installs

Joomla! CMS versions 4.0.0-5.4.1, 6.0.0-6.0.1


Solution

Upgrade to version 5.4.2 or 6.0.2


Contact

The JSST at the Joomla! Security Centre.
Reported By:  Sho Sugiyama of SUZUKI MOTOR CORPORATION



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================