CVE-2025-63083
Joomla! Core - [20260102] - XSS vector in the pagebreak pluginLack of output escaping leads to a XSS vector in the pagebreak plugin.
We have discovered 4,670 live websites that are affected by CVE-2025-63083.
Affected Software
| Product |  Joomla |
| Category | Content Management System |
| Vulnerable Domains | 4,670 live websites (2.10% of Joomla install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 39 versions ( 38% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jan 6, 2026
- Updated - Jan 6, 2026
Credits
- peterhulst (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-63083 United States | 588 websites |
 Germany | 1,275 websites |
 France | 415 websites |
 Italy | 321 websites |
 Russia | 263 websites |
 Netherlands | 256 websites |
 Switzerland | 234 websites |
 Poland | 140 websites |
 GB | 135 websites |
 Austria | 116 websites |
Website Distribution by TLD
Number of websites using CVE-2025-63083| .de | 1,041 websites |
| .com | 913 websites |
| .nl | 237 websites |
| .org | 233 websites |
| .it | 226 websites |
| .fr | 225 websites |
| .ru | 219 websites |
| .ch | 206 websites |
| .net | 117 websites |
| .at | 112 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-63083
Top websites that are affected by CVE-2025-63083. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | **,*** | |
| ******.**.il |  Israel | **,*** | |
| **.******.org | United States | **,*** | |
| *********************.com | United States | ***,*** | |
| *****************.***.pl | Poland | ***,*** | |
| **************.com | France | ***,*** | |
| ****.org |  Spain | ***,*** | |
| ****.***.ph |  Philippines | ***,*** | |
| ******.net | United States | ***,*** | |
| ***************.************.de | Germany | ***,*** |
FAQ
CVE-2025-63083 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Joomla
A total of 4,670 websites have been identified as vulnerable to CVE-2025-63083, based on global website indexing conducted by WebTechSurvey.
The Joomla is affected by the CVE-2025-63083 vulnerability.
Joomla versions up to and including 6.0.1 are vulnerable to CVE-2025-63083.