Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
PR:H reflects mandatory admin-level access to inject payload; UI:R for victim page-view; S:C for browser-context scope change; C:L/I:L for session theft and page tampering limited to browser scope.
Primary rating from Vendor (Joomla).
CVSS VectorVendor: Joomla
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
AnalysisAI
Cross-site scripting in Joomla! CMS's generic image output layout enables a high-privileged attacker to inject malicious script payloads that execute in the browsers of other authenticated users who view the affected content. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated session with high-privilege access (PR:H per CVSS 4.0 - Super Administrator or Administrator role on the target Joomla installation) to inject the XSS payload into the generic image output layout component in the first place. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector scores 5.9 (AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An insider threat or attacker who has compromised a Super Administrator or Administrator account crafts a malicious payload embedded in an image layout value within the Joomla backend, targeting the generic image output component. When a second authenticated user - such as an editor, manager, or another administrator - navigates to the page that renders the affected image output, the unescaped payload executes as JavaScript in their browser session, allowing the attacker to capture the victim's session cookie and impersonate them across the Joomla backend. … |
| Remediation | Apply the Joomla! … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Joomla Cms
View allTransport encryption downgrade in Joomla! CMS password and username reset workflows causes reset links to be generated w
Arbitrary file deletion in Joomla! CMS com_joomlaupdate component via the autoupdate server mechanism allows remote atta
Authorization bypass in Joomla CMS com_config webservice endpoints allows authenticated attackers with high privileges t
Improper access control in Joomla! CMS webservice endpoints allows unauthorized attackers to bypass authentication and a
Authentication bypass in Joomla! CMS 4.0.0-5.4.5 and 6.0.0-6.1.0 allows remote attackers to circumvent multi-factor auth
Two-factor authentication bypass in Joomla! CMS versions 4.0.0-5.4.5 and 6.0.0-6.1.0 allows remote attackers to circumve
Privilege escalation in Joomla! CMS versions 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0 allows remote attackers to abus
Privilege escalation in Joomla! CMS versions 4.0.0-5.4.5 and 6.0.0-6.1.0 allows remote attackers to abuse the com_users
Information disclosure in Joomla! CMS arises because InputFilter::getInstance() builds its instance cache key without in
Local file inclusion in Joomla! CMS versions 3.2.1 through 5.4.5 and 6.0.0 through 6.1.0 allows authenticated high-privi
Cross-site scripting in Joomla! CMS's multilingual associations component (com_associations) allows an authenticated hig
Stored cross-site scripting in Joomla! CMS feed modules allows a high-privileged authenticated attacker to inject unsani
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42062
GHSA-xq54-fg9w-jw52