CVE-2025-27444

Name of the Vulnerable Software and Affected Versions RSform!Pro component versions 3.0.0 through 3.3.13 for Joomla

Description A reflected XSS issue was discovered, arising from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin or editor privileges to inject arbitrary JavaScript code by crafting a malicious URL.

Recommendations For RSform!Pro component versions 3.0.0 through 3.3.13, consider updating to a version that properly escapes the filter[dateFrom] parameter to prevent reflected XSS attacks. As a temporary workaround, restrict access to the administrative backend interface to minimize the risk of exploitation. Avoid using the filter[dateFrom] parameter in malicious ways until the issue is resolved.