{"id":"CVE-2024-40748","details":"Lack of output escaping in the id attribute of menu lists.","aliases":["BIT-joomla-2024-40748"],"modified":"2026-04-10T05:15:33.742940Z","published":"2025-01-07T17:15:23.587Z","references":[{"type":"ADVISORY","url":"https://developer.joomla.org/security-centre/955-20250102-core-xss-vector-in-the-id-attribute-of-menu-lists.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/joomla/joomla-cms","events":[{"introduced":"5f20de27b9640124ba185670a36ec40ebc9ec3f9"},{"fixed":"a214bde03d2f68c6155ad21c8516bde6b58291cb"},{"introduced":"0e23b165e580270f5b53f9dc0c5fd17011f4bf87"},{"fixed":"ac793f392ed1654b062a30f2aa4cdff3d9cb6178"}],"database_specific":{"versions":[{"introduced":"4.0.0"},{"fixed":"4.4.10"},{"introduced":"5.0.0"},{"fixed":"5.2.3"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40748.json","unresolved_ranges":[{"events":[{"introduced":"3.9.0"},{"fixed":"3.10.20"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}