CVE-2026-21632

| EUVD-2026-17859 MEDIUM
2026-04-01 Joomla GHSA-w5f8-qggr-8844
5.9
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
P
Scope
X

Lifecycle Timeline

3
Analysis Generated
Apr 01, 2026 - 10:00 vuln.today
EUVD ID Assigned
Apr 01, 2026 - 10:00 euvd
EUVD-2026-17859
CVE Published
Apr 01, 2026 - 09:03 nvd
MEDIUM 5.9

Tags

XSS

Description

Lack of output escaping for article titles leads to XSS vectors in various locations.

Analysis

Joomla CMS fails to properly escape article titles in output, enabling stored cross-site scripting (XSS) attacks across multiple locations. Attackers with article creation or editing privileges can inject malicious scripts into article titles that execute in the browsers of site visitors, potentially compromising user sessions, stealing credentials, or defacing content. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

30
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +30
POC: 0

Share

CVE-2026-21632 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy