joomla/filter is vulnerable to Improper Input Validation
71
High Risk
Affected versions of this package are vulnerable to Cross-Site Scripting (XSS) due to improper input validation in the checkAttribute function. This validation can be easily bypassed because attackers have various ways to execute scripts without relying on well-known evasion characters. For example, an attacker can inject event handlers like onclick or onmouseover without any whitespace (e.g., <img/src=x onerror=alert(1)>). They may also use alternative encoding methods, such as HTML entities, or exploit other HTML elements and attributes that are not properly sanitized. As a result, attackers can execute malicious JavaScript in the victim's browser.
You are affected if you are using a version that falls within the vulnerable range.
joomla/filter is vulnerable to Improper Input Validation in versions 2.0.0 - 2.0.5, 3.0.0 - 3.0.4 and 4.0.0 - 4.0.0.
Upgrade the joomla/filter library to a patched version.
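To check whether a project falls within the ranges above, the following added example (not code from joomla/filter or from this advisory) reads a Composer lock file and classifies the installed joomla/filter version. The function names and the sample lock content are assumptions made for illustration; only the version ranges come from this page.

```python
import json
import re

# Vulnerable ranges exactly as stated in the advisory (inclusive bounds).
VULNERABLE_RANGES = [
    ((2, 0, 0), (2, 0, 5)),
    ((3, 0, 0), (3, 0, 4)),
    ((4, 0, 0), (4, 0, 0)),
]

def parse_version(raw):
    """Return (major, minor, patch), or None for branch aliases and pre-releases."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(raw):
    """Map an installed version string to 'vulnerable', 'not_in_range' or 'unknown'."""
    version = parse_version(raw)
    if version is None:
        return "unknown"  # e.g. dev-main: cannot be compared, review manually
    hit = any(low <= version <= high for low, high in VULNERABLE_RANGES)
    return "vulnerable" if hit else "not_in_range"

def audit_lock(lock_text, package="joomla/filter"):
    """Scan composer.lock content and return [(section, version, verdict), ...]."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for entry in lock.get(section) or []:
            if entry.get("name", "").lower() == package:
                raw = entry.get("version", "")
                findings.append((section, raw, classify(raw)))
    return findings

# Constructed sample lock content, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example/other", "version": "1.2.3"},
        {"name": "joomla/filter", "version": "v3.0.2"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for section, version, verdict in audit_lock(SAMPLE_LOCK):
        print(f"joomla/filter {version} ({section}): {verdict}")
```

A verdict of "not_in_range" only means the version is outside the ranges listed here; "unknown" versions such as branch aliases need a manual check against the installed source.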