Search criteria
102 vulnerabilities by Joomla! Project
CVE-2026-35221 (GCVE-0-2026-35221)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:46 – Updated: 2026-05-27 09:15
VLAI
Title
Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder
Summary
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
Severity
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1038… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
6.0.0-6.1.0
Affected: 5.4.0-5.4.5 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:48:47.050683Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T18:09:03.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "6.0.0-6.1.0"
},
{
"status": "affected",
"version": "5.4.0-5.4.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adrian Junge aka vurlo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder."
}
],
"value": "Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:15:29.303Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1038-20260506-core-authenticated-blind-sqli-in-com-finder.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-35221",
"datePublished": "2026-05-26T16:46:10.415Z",
"dateReserved": "2026-04-01T19:23:13.196Z",
"dateUpdated": "2026-05-27T09:15:29.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48903 (GCVE-0-2026-48903)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:46 – Updated: 2026-05-27 09:15
VLAI
Title
Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.
Summary
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1051… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! Framework Filter package |
Affected:
1.0.0-3.0.5
Affected: 4.0.0-4.0.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:48:55.382555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T18:09:17.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! Framework Filter package",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "1.0.0-3.0.5"
},
{
"status": "affected",
"version": "4.0.0-4.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "JSST"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components."
}
],
"value": "Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:15:23.009Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1051-20260519-framework-inadequate-content-filtering-within-the-checkattribute-filter-code.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48903",
"datePublished": "2026-05-26T16:46:05.152Z",
"dateReserved": "2026-05-26T10:06:17.656Z",
"dateUpdated": "2026-05-27T09:15:23.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48896 (GCVE-0-2026-48896)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:45 – Updated: 2026-05-27 09:15
VLAI
Title
Joomla! Core - [20260511] - MFA Authentication Bypass
Summary
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
Severity
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1043… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T18:56:43.158826Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T18:57:20.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Doyensec in collaboration with Claude and Anthropic Research"
},
{
"lang": "en",
"type": "finder",
"value": "Christos Papakonstantinou, Cantina"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient state checks lead to a vector that allows to bypass 2FA checks."
}
],
"value": "Insufficient state checks lead to a vector that allows to bypass 2FA checks."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115: Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:15:12.329Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1043-20260511-core-mfa-authentication-bypass.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260511] - MFA Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48896",
"datePublished": "2026-05-26T16:45:55.573Z",
"dateReserved": "2026-05-26T10:06:17.656Z",
"dateUpdated": "2026-05-27T09:15:12.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35220 (GCVE-0-2026-35220)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:45 – Updated: 2026-05-27 09:14
VLAI
Title
Joomla! Core - [20260505] - CSRF in user activation endpoint
Summary
Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users.
Severity
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1037… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
6.0.0-6.1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:49:20.616038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T18:09:30.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sun HuangnSec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users."
}
],
"value": "Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:14:34.686Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1037-20260505-core-csrf-in-user-activation-endpoint"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260505] - CSRF in user activation endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-35220",
"datePublished": "2026-05-26T16:45:19.690Z",
"dateReserved": "2026-04-01T19:23:13.196Z",
"dateUpdated": "2026-05-27T09:14:34.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40383 (GCVE-0-2026-40383)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:45 – Updated: 2026-05-27 09:14
VLAI
Title
Joomla! Core - [20260509] - LFI in HTMLView layout parameter
Summary
An improper validation of user-supplied input leads to a local file inclusion vulnerability.
Severity
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1041… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.2.1-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T18:58:29.241684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T18:59:09.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.2.1-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Doyensec in collaboration with Claude and Anthropic Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper validation of user-supplied input leads to a local file inclusion vulnerability."
}
],
"value": "An improper validation of user-supplied input leads to a local file inclusion vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-252 PHP Local File Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:14:28.517Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1041-20260509-core-lfi-in-htmlview-layout-parameter.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260509] - LFI in HTMLView layout parameter",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-40383",
"datePublished": "2026-05-26T16:45:14.402Z",
"dateReserved": "2026-04-12T05:13:31.714Z",
"dateUpdated": "2026-05-27T09:14:28.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35222 (GCVE-0-2026-35222)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:45 – Updated: 2026-05-26 16:45
VLAI
Title
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
Summary
Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
Severity
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1039… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
6.0.0-6.1.0
Affected: 4.0.0-5.4.5 |
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "6.0.0-6.1.0"
},
{
"status": "affected",
"version": "4.0.0-5.4.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adrian Junge aka vurlo"
},
{
"lang": "en",
"type": "finder",
"value": "Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improperly validated order clauses lead to a SQL injection vulnerability in com_tags."
}
],
"value": "Improperly validated order clauses lead to a SQL injection vulnerability in com_tags."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T16:45:13.390Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1039-20260507-core-authenticated-blind-sqli-in-com-tags.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-35222",
"datePublished": "2026-05-26T16:45:13.390Z",
"dateReserved": "2026-04-01T19:23:13.196Z",
"dateUpdated": "2026-05-26T16:45:13.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40384 (GCVE-0-2026-40384)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:45 – Updated: 2026-05-27 09:14
VLAI
Title
Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint
Summary
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
Severity
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1042… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T19:17:10.492296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T19:17:18.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Doyensec in collaboration with Claude and Anthropic Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability."
}
],
"value": "An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:14:15.239Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1042-20260510-core-path-traversal-in-com-media-webservice-endpoint.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-40384",
"datePublished": "2026-05-26T16:45:02.051Z",
"dateReserved": "2026-04-12T05:13:31.714Z",
"dateUpdated": "2026-05-27T09:14:15.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48905 (GCVE-0-2026-48905)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:45 – Updated: 2026-05-27 09:14
VLAI
Title
Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
Summary
Lack of input filtering leads to an XSS vector in the HTML filter code.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1052… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! Framework Filter package |
Affected:
1.0.0-3.0.5
Affected: 4.0.0-4.0.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:50:04.513114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T18:09:45.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! Framework Filter package",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "1.0.0-3.0.5"
},
{
"status": "affected",
"version": "4.0.0-4.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jesper den Boer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of input filtering leads to an XSS vector in the HTML filter code."
}
],
"value": "Lack of input filtering leads to an XSS vector in the HTML filter code."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:14:13.346Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1052-20260520-framework-inadequate-content-filtering-within-the-cleanattributes-filter-code.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48905",
"datePublished": "2026-05-26T16:45:00.666Z",
"dateReserved": "2026-05-26T10:06:17.656Z",
"dateUpdated": "2026-05-27T09:14:13.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48897 (GCVE-0-2026-48897)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:44 – Updated: 2026-05-27 09:14
VLAI
Title
Joomla! Core - [20260512] - MFA Authentication Bypass
Summary
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
Severity
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1044… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T19:19:17.612461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T19:19:26.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Morris Baumgarten-Egemole"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient state checks lead to a vector that allows to bypass 2FA checks."
}
],
"value": "Insufficient state checks lead to a vector that allows to bypass 2FA checks."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115: Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:14:05.696Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1044-20260512-core-mfa-authentication-bypass.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260512] - MFA Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48897",
"datePublished": "2026-05-26T16:44:53.779Z",
"dateReserved": "2026-05-26T10:06:17.656Z",
"dateUpdated": "2026-05-27T09:14:05.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25901 (GCVE-0-2026-25901)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:44 – Updated: 2026-05-27 09:28
VLAI
Title
Joomla! Core - [20260502] - XSS in com_associations
Summary
Lack of output escaping leads to a XSS vector in the multilingual associations component.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1034… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:49:52.442848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T18:10:00.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "vnth4nhnt from CyStack"
},
{
"lang": "en",
"type": "finder",
"value": "Aisle Research, Pavel Kohout"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of output escaping leads to a XSS vector in the multilingual associations component."
}
],
"value": "Lack of output escaping leads to a XSS vector in the multilingual associations component."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:28:14.477Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1034-20260502-core-xss-in-com-associations.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260502] - XSS in com_associations",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-25901",
"datePublished": "2026-05-26T16:44:25.314Z",
"dateReserved": "2026-02-07T04:53:10.344Z",
"dateUpdated": "2026-05-27T09:28:14.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48899 (GCVE-0-2026-48899)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:44 – Updated: 2026-05-27 09:13
VLAI
Title
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
Summary
An improper access check allows privilege escalation through the com_users batch task.
Severity
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1047… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T03:55:50.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u5ed6\u53cc"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper access check allows privilege escalation through the com_users batch task."
}
],
"value": "An improper access check allows privilege escalation through the com_users batch task."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:13:16.497Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1047-20260515-core-incorrect-access-control-in-sample-data-plugins.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48899",
"datePublished": "2026-05-26T16:44:06.616Z",
"dateReserved": "2026-05-26T10:06:17.656Z",
"dateUpdated": "2026-05-27T09:13:16.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48900 (GCVE-0-2026-48900)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:43 – Updated: 2026-05-27 09:12
VLAI
Title
Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler
Summary
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
Severity
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1048… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.1.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:39:11.873493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T17:39:19.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.1.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper access check allowed low privileged users to edit the task types of existing scheduler tasks."
}
],
"value": "An improper access check allowed low privileged users to edit the task types of existing scheduler tasks."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:12:59.814Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1048-20260516-core-incorrect-access-control-in-com-scheduler.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48900",
"datePublished": "2026-05-26T16:43:51.153Z",
"dateReserved": "2026-05-26T10:06:17.656Z",
"dateUpdated": "2026-05-27T09:12:59.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48902 (GCVE-0-2026-48902)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:43 – Updated: 2026-05-28 13:23
VLAI
Title
Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links
Summary
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
Severity
9.8 (Critical)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1050… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.9.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:23:36.738591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:23:59.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.9.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@ZeroXJacks, https://github.com/ZeroXJacks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The password and username reset features created plain http links for https connections if the \"Force SSL\" flag wasn\u0027t explicitly set."
}
],
"value": "The password and username reset features created plain http links for https connections if the \"Force SSL\" flag wasn\u0027t explicitly set."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T16:43:32.835Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1050-20260518-core-transport-encryption-downgrade-for-password-and-username-reset-links.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48902",
"datePublished": "2026-05-26T16:43:32.835Z",
"dateReserved": "2026-05-26T10:06:17.656Z",
"dateUpdated": "2026-05-28T13:23:59.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35223 (GCVE-0-2026-35223)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:43 – Updated: 2026-05-27 09:12
VLAI
Title
Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
Summary
An improper access check allows unauthorized access to com_config webservice endpoints.
Severity
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1040… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T03:55:48.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rishi Shakya"
},
{
"lang": "en",
"type": "finder",
"value": "Qi Deng"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper access check allows unauthorized access to com_config webservice endpoints."
}
],
"value": "An improper access check allows unauthorized access to com_config webservice endpoints."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:12:29.087Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1040-20260508-core-improper-access-check-in-com-config-webservice-endpoints.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-35223",
"datePublished": "2026-05-26T16:43:21.784Z",
"dateReserved": "2026-04-01T19:23:13.196Z",
"dateUpdated": "2026-05-27T09:12:29.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25900 (GCVE-0-2026-25900)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:43 – Updated: 2026-05-27 09:12
VLAI
Title
Joomla! Core - [20260501] - XSS in feed modules
Summary
Lack of output escaping leads to a XSS vector in the feed modules.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1033… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.0.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:27:08.169302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T17:27:18.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.0.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mohamed Elabbas"
},
{
"lang": "en",
"type": "finder",
"value": "Sun Huang"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of output escaping leads to a XSS vector in the feed modules."
}
],
"value": "Lack of output escaping leads to a XSS vector in the feed modules."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:12:20.038Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1033-20260501-core-xss-in-feed-modules.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260501] - XSS in feed modules",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-25900",
"datePublished": "2026-05-26T16:43:13.780Z",
"dateReserved": "2026-02-07T04:53:10.343Z",
"dateUpdated": "2026-05-27T09:12:20.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48904 (GCVE-0-2026-48904)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:43 – Updated: 2026-05-27 09:12
VLAI
Title
Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints
Summary
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
Severity
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1046… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T03:55:46.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christos Papakonstantinou, Cantina"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper access check allows privelege escalation through the com_users group editing webservice endpoint."
}
],
"value": "An improper access check allows privelege escalation through the com_users group editing webservice endpoint."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:12:13.794Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1046-20260514-core-privilege-escalation-through-com-users-webservice-endpoints.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48904",
"datePublished": "2026-05-26T16:43:08.503Z",
"dateReserved": "2026-05-26T10:06:17.656Z",
"dateUpdated": "2026-05-27T09:12:13.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30895 (GCVE-0-2026-30895)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:43 – Updated: 2026-05-27 09:12
VLAI
Title
Joomla! Core - [20260504] - XSS in readmore links
Summary
Lack of output escaping leads to a XSS vector in the readmore links for com_content.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1036… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:25:34.231206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T17:26:53.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "peterhulst"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of output escaping leads to a XSS vector in the readmore links for com_content."
}
],
"value": "Lack of output escaping leads to a XSS vector in the readmore links for com_content."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:12:08.924Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1036-20260504-core-xss-in-readmore-links"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260504] - XSS in readmore links",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-30895",
"datePublished": "2026-05-26T16:43:03.205Z",
"dateReserved": "2026-03-06T04:55:46.057Z",
"dateUpdated": "2026-05-27T09:12:08.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48898 (GCVE-0-2026-48898)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:42 – Updated: 2026-05-27 09:12
VLAI
Title
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
Summary
An improper access check allows privilege escalation through the com_users batch task.
Severity
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1045… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T03:55:45.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christos Papakonstantinou, Cantina"
},
{
"lang": "en",
"type": "finder",
"value": "Adrian Junge, vulno"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper access check allows privilege escalation through the com_users batch task."
}
],
"value": "An improper access check allows privilege escalation through the com_users batch task."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T09:12:03.902Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1045-20260513-core-privilege-escalation-through-com-users-batch-task.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260513] - Privilege escalation through com_users batch task",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48898",
"datePublished": "2026-05-26T16:42:59.328Z",
"dateReserved": "2026-05-26T10:06:17.656Z",
"dateUpdated": "2026-05-27T09:12:03.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30894 (GCVE-0-2026-30894)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:42 – Updated: 2026-05-26 16:42
VLAI
Title
Joomla! Core - [20260503] - XSS in com_contenthistory
Summary
Lack of output escaping leads to a XSS vector in the content history component.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1035… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.0.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.0.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Phan Phan Hai Long"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of output escaping leads to a XSS vector in the content history component."
}
],
"value": "Lack of output escaping leads to a XSS vector in the content history component."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T16:42:58.268Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1035-20260503-core-xss-in-com-contenthistory"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260503] - XSS in com_contenthistory",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-30894",
"datePublished": "2026-05-26T16:42:58.268Z",
"dateReserved": "2026-03-06T04:55:46.056Z",
"dateUpdated": "2026-05-26T16:42:58.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48901 (GCVE-0-2026-48901)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:42 – Updated: 2026-05-28 13:20
VLAI
Title
Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects
Summary
The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.
Severity
7.5 (High)
CWE
- CWE-524 - Use of Cache Containing Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1049… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.5
Affected: 6.0.0-6.1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:18:22.218493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524 Use of Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:20:50.537Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.5"
},
{
"status": "affected",
"version": "6.0.0-6.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@ZeroXJacks, https://github.com/ZeroXJacks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key."
}
],
"value": "The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T16:42:41.476Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1049-20260517-core-incorrect-cache-key-construction-for-inputfilter-objects.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48901",
"datePublished": "2026-05-26T16:42:41.476Z",
"dateReserved": "2026-05-26T10:06:17.656Z",
"dateUpdated": "2026-05-28T13:20:50.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21630 (GCVE-0-2026-21630)
Vulnerability from cvelistv5 – Published: 2026-04-01 09:03 – Updated: 2026-04-01 19:33
VLAI
Title
Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint
Summary
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.
Severity
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1028… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.3
Affected: 6.0.0-6.0.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T12:40:10.198406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T12:40:42.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.3"
},
{
"status": "affected",
"version": "6.0.0-6.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Antonio Morales from GitHub Security Lab Taskflow Agent"
},
{
"lang": "en",
"type": "finder",
"value": "vnth4nhnt from CyStack"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint."
}
],
"value": "Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T19:33:26.760Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1028-20260302-core-sql-injection-in-com-content-articles-webservice-endpoint.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-21630",
"datePublished": "2026-04-01T09:03:49.098Z",
"dateReserved": "2026-01-01T04:42:27.960Z",
"dateUpdated": "2026-04-01T19:33:26.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23898 (GCVE-0-2026-23898)
Vulnerability from cvelistv5 – Published: 2026-04-01 09:03 – Updated: 2026-04-02 05:10
VLAI
Title
Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate
Summary
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.
Severity
CWE
- CWE-73 - Destructive File Deletion and Potential System Compromise
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1031… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.3
Affected: 6.0.0-6.0.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:03.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.3"
},
{
"status": "affected",
"version": "6.0.0-6.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Phil Taylor"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism."
}
],
"value": "Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 Destructive File Deletion and Potential System Compromise",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T05:10:20.113Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1031-20260305-core-arbitrary-file-deletion-in-com-joomlaupdate.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-23898",
"datePublished": "2026-04-01T09:03:40.185Z",
"dateReserved": "2026-01-17T04:38:44.008Z",
"dateUpdated": "2026-04-02T05:10:20.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21629 (GCVE-0-2026-21629)
Vulnerability from cvelistv5 – Published: 2026-04-01 09:03 – Updated: 2026-04-01 19:32
VLAI
Title
Joomla! Core - [20260301] - ACL hardening in com_ajax
Summary
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.
Severity
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1027… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.0.0-5.4.3
Affected: 6.0.0-6.0.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T12:44:04.901543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T12:44:22.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.0.0-5.4.3"
},
{
"status": "affected",
"version": "6.0.0-6.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joomla Security Strike Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers."
}
],
"value": "The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T19:32:37.680Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1027-20260301-core-acl-hardening-in-com-ajax.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260301] - ACL hardening in com_ajax",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-21629",
"datePublished": "2026-04-01T09:03:37.772Z",
"dateReserved": "2026-01-01T04:42:27.960Z",
"dateUpdated": "2026-04-01T19:32:37.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23899 (GCVE-0-2026-23899)
Vulnerability from cvelistv5 – Published: 2026-04-01 09:03 – Updated: 2026-04-02 07:56
VLAI
Title
Joomla! Core - [20260306] - Improper access check in webservice endpoints
Summary
An improper access check allows unauthorized access to webservice endpoints.
Severity
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1032… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.3
Affected: 6.0.0-6.0.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:04.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.3"
},
{
"status": "affected",
"version": "6.0.0-6.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "vnth4nhnt from CyStack"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper access check allows unauthorized access to webservice endpoints."
}
],
"value": "An improper access check allows unauthorized access to webservice endpoints."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T07:56:08.444Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1032-20260306-core-improper-access-check-in-webservice-endpoints.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260306] - Improper access check in webservice endpoints",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-23899",
"datePublished": "2026-04-01T09:03:18.563Z",
"dateReserved": "2026-01-17T04:38:44.009Z",
"dateUpdated": "2026-04-02T07:56:08.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21631 (GCVE-0-2026-21631)
Vulnerability from cvelistv5 – Published: 2026-04-01 09:03 – Updated: 2026-04-02 05:09
VLAI
Title
Joomla! Core - [20260303] - XSS vector in com_associations comparison view
Summary
Lack of output escaping leads to a XSS vector in the multilingual associations component.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1029… | vendor-advisory |
| https://github.com/Shirshaw64p/security-advisorie… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.3
Affected: 6.0.0-6.0.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:05.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.3"
},
{
"status": "affected",
"version": "6.0.0-6.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shirsendu Mondal \u0026 Md Tanzimul Alam Fahim, UNC Pembroke"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of output escaping leads to a XSS vector in the multilingual associations component."
}
],
"value": "Lack of output escaping leads to a XSS vector in the multilingual associations component."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T05:09:59.076Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1029-20260303-core-xss-vector-in-com-associations-comparison-view.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/Shirshaw64p/security-advisories/tree/main/CVE-2026-21631"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260303] - XSS vector in com_associations comparison view",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-21631",
"datePublished": "2026-04-01T09:03:17.208Z",
"dateReserved": "2026-01-01T04:42:27.960Z",
"dateUpdated": "2026-04-02T05:09:59.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21632 (GCVE-0-2026-21632)
Vulnerability from cvelistv5 – Published: 2026-04-01 09:03 – Updated: 2026-04-02 05:09
VLAI
Title
Joomla! Core - [20260304] - XSS vectors in various article title outputs
Summary
Lack of output escaping for article titles leads to XSS vectors in various locations.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1030… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.3
Affected: 6.0.0-6.0.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21632",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:06.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.3"
},
{
"status": "affected",
"version": "6.0.0-6.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "peterhulst"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of output escaping for article titles leads to XSS vectors in various locations."
}
],
"value": "Lack of output escaping for article titles leads to XSS vectors in various locations."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T05:09:54.642Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1030-20260304-core-xss-vectors-in-various-article-title-outputs.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260304] - XSS vectors in various article title outputs",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-21632",
"datePublished": "2026-04-01T09:03:11.213Z",
"dateReserved": "2026-01-01T04:42:27.961Z",
"dateUpdated": "2026-04-02T05:09:54.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-63082 (GCVE-0-2025-63082)
Vulnerability from cvelistv5 – Published: 2026-01-06 16:01 – Updated: 2026-01-06 17:45
VLAI
Title
Joomla! Core - [20260101] - Inadequate content filtering for data URLs
Summary
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1016… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-5.4.1
Affected: 6.0.0-6.0.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-63082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T17:45:07.619680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T17:45:21.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-5.4.1"
},
{
"status": "affected",
"version": "6.0.0-6.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sho Sugiyama of SUZUKI MOTOR CORPORATION"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags."
}
],
"value": "Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T16:01:38.720Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1016-20260101-core-inadequate-content-filtering-for-data-urls.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260101] - Inadequate content filtering for data URLs",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-63082",
"datePublished": "2026-01-06T16:01:38.720Z",
"dateReserved": "2025-10-26T04:33:45.334Z",
"dateUpdated": "2026-01-06T17:45:21.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-63083 (GCVE-0-2025-63083)
Vulnerability from cvelistv5 – Published: 2026-01-06 16:01 – Updated: 2026-01-06 18:56
VLAI
Title
Joomla! Core - [20260102] - XSS vector in the pagebreak plugin
Summary
Lack of output escaping leads to a XSS vector in the pagebreak plugin.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1017… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.9.0-5.4.1
Affected: 6.0.0-6.0.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-63083",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T18:49:28.603543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T18:56:00.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.9.0-5.4.1"
},
{
"status": "affected",
"version": "6.0.0-6.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "peterhulst"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of output escaping leads to a XSS vector in the pagebreak plugin."
}
],
"value": "Lack of output escaping leads to a XSS vector in the pagebreak plugin."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T16:01:15.123Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1017-20260102-core-xss-vector-in-the-pagebreak-plugin.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20260102] - XSS vector in the pagebreak plugin",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-63083",
"datePublished": "2026-01-06T16:01:15.123Z",
"dateReserved": "2025-10-26T04:33:45.335Z",
"dateUpdated": "2026-01-06T18:56:00.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54477 (GCVE-0-2025-54477)
Vulnerability from cvelistv5 – Published: 2025-09-30 16:02 – Updated: 2025-10-01 04:34
VLAI
Title
Joomla! Core - [20250902] User-Enumeration in passkey authentication method
Summary
Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method.
Severity
5.3 (Medium)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1011… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
4.0.0-4.4.13
Affected: 5.0.0-5.3.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T17:43:46.747977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T17:43:49.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "4.0.0-4.4.13"
},
{
"status": "affected",
"version": "5.0.0-5.3.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Schubert"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method."
}
],
"value": "Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575 Account Footprinting"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T04:34:47.521Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1011-20250902-core-user-enumeration-in-passkey-authentication-method.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20250902] User-Enumeration in passkey authentication method",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-54477",
"datePublished": "2025-09-30T16:02:40.036Z",
"dateReserved": "2025-07-23T11:16:48.711Z",
"dateUpdated": "2025-10-01T04:34:47.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54476 (GCVE-0-2025-54476)
Vulnerability from cvelistv5 – Published: 2025-09-30 16:02 – Updated: 2025-10-01 04:34
VLAI
Title
Joomla! Core - [20250901] Inadequate content filtering within the checkAttribute filter code
Summary
Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://developer.joomla.org/security-centre/1010… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.0.0-3.10.20
Affected: 4.0.0-4.4.13 Affected: 5.0.0-5.3.3 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T17:11:51.164339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T17:12:24.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.0.0-3.10.20"
},
{
"status": "affected",
"version": "4.0.0-4.4.13"
},
{
"status": "affected",
"version": "5.0.0-5.3.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Flydragon, Poi, Cwy, Xtrimi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class."
}
],
"value": "Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T04:34:46.488Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/1010-20250901-core-inadequate-content-filtering-within-the-checkattribute-filter-code.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla! Core - [20250901] Inadequate content filtering within the checkAttribute filter code",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-54476",
"datePublished": "2025-09-30T16:02:38.757Z",
"dateReserved": "2025-07-23T11:16:48.711Z",
"dateUpdated": "2025-10-01T04:34:46.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}