PatchSiren cyber security CVE debrief
CVE-2018-25330 Unknown Vendor CVE debrief
CVE-2018-25330 describes two web application weaknesses in the Joomla EkRishta 2.10 extension: persistent cross-site scripting in stored profile fields and SQL injection through POST input to the user_setting endpoint. In practical terms, attackers could place malicious script content into profile information such as Address so it executes when other users view the profile, or submit crafted phone_no input to influence backend database queries. The supplied NVD record assigns a high-severity rating and lists CWE-89 as the primary weakness.
- Vendor
- Unknown Vendor
- Product
- Unknown
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-17
- Original CVE updated
- 2026-05-18
- Advisory published
- 2026-05-17
- Advisory updated
- 2026-05-18
Who should care
Organizations running Joomla sites that use the EkRishta 2.10 extension, especially deployments that expose user profile editing, profile viewing, or the user_setting workflow. Security teams responsible for web application input validation, content filtering, and Joomla extension inventory should treat this as relevant.
Technical summary
The NVD record and supplied description indicate stored/persistent XSS affecting profile fields and SQL injection affecting the phone_no parameter on the user_setting endpoint. The SQL injection component is categorized as CWE-89 in the source record. Because the input is handled in user-facing profile and POST paths, the risk includes unauthorized query manipulation and script execution in other users' browsers when poisoned profile data is rendered.
Defensive priority
High. Prioritize if EkRishta 2.10 is installed or if similar profile-editing functionality is in use, because the issue combines a high CVSS score with both stored XSS and SQL injection exposure.
Recommended defensive actions
- Confirm whether Joomla EkRishta 2.10 is installed anywhere in the environment.
- Remove, replace, or update the extension using the official vendor or Joomla extension channel if a fixed version is available.
- Audit profile fields and the user_setting endpoint for server-side input validation and output encoding gaps.
- Review stored profile content for unexpected script or HTML payloads and review application logs for suspicious POST activity involving phone_no.
- Check database logs and application errors for signs of query manipulation or unexpected SQL exceptions.
- If exploitation is suspected, isolate the affected site, inspect exposed user data, and remediate before restoring normal access.
Evidence notes
This debrief is based on the supplied NVD CVE record, which explicitly describes persistent cross-site scripting and SQL injection in EkRishta 2.10 and tags the issue with CWE-89. The corpus also includes third-party reference links to the Joomla Extensions Directory, Exploit-DB, a Joomla extensions site, and a VulnCheck advisory, but their contents were not separately provided here. Vendor attribution in the supplied data is weak, so the product and extension name are treated as the primary supported identifiers.
Official resources
The supplied NVD record shows the CVE published and modified on 2026-05-17; no separate vendor disclosure date was provided in the corpus.