Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
AnalysisAI
Cross-site scripting in the Joomla! Framework Filter package exposes applications to script injection through inadequately sanitized HTML attribute values in the checkAttribute methods. Authenticated users holding high-level privileges can inject malicious content that executes in the browser of any user who subsequently views the affected page. No public exploit has been identified at time of analysis, and an EPSS score of 0.01% at the 0th percentile confirms minimal current exploitation interest across the security community.
Technical ContextAI
The Joomla! Framework Filter package (CPE: cpe:2.3:a:joomla!_project:joomla!_framework_filter_package) is a PHP library used by Joomla!-based applications to sanitize HTML input - including attribute values - before rendering in web pages. The checkAttribute methods are responsible for evaluating and stripping unsafe HTML attribute content. CWE-79 (Improper Neutralization of Input During Web Page Generation) identifies the root cause: user-supplied attribute values are not adequately encoded or stripped before being written into the HTML output, allowing injected JavaScript to be interpreted by the victim's browser. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:P) confirms the flaw is reachable over the network with low complexity, but requires high privileges to inject and passive user interaction to trigger, consistent with a stored XSS pattern where a privileged user writes malicious content that later executes for visiting users.
RemediationAI
Upgrade the Joomla! Framework Filter package to a version beyond 3.0.5 for the 1.x-3.x branch, or to a version beyond 4.0.1 for the 4.x branch. The precise patched release version is not explicitly stated in the provided intelligence data and must be confirmed via the Joomla security advisory at https://developer.joomla.org/security-centre/1051-20260519-framework-inadequate-content-filtering-within-the-checkattribute-filter-code.html or the package's Packagist release history before upgrading. As a compensating control prior to patching, restrict content-creation and HTML-input interfaces exclusively to the most trusted administrator accounts, reducing the pool of identities capable of injecting malicious attribute values. Note that this control does not eliminate the vulnerability - it only limits who can trigger it.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31891
GHSA-r82q-7896-84h5