Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from Vendor (Joomla) · only source for this CVE.
CVSS VectorVendor: Joomla
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
K2 ≤ 2.26 renders the #__k2_users.image column directly into HTML src attributes via two distinct templates, in both cases without HTML escaping.
Analysis
K2 ≤ 2.26 renders the #__k2_users.image column directly into HTML src attributes via two distinct templates, in both cases without HTML escaping.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Threat intelligence, references, and detailed analysis are available after sign-in.
More in K2 Extension For Joomla
View allPath traversal in the K2 extension for Joomla (versions 1.0-2.26) allows authenticated Authors to copy arbitrary web-rea
Mass-assignment in the K2 Extension for Joomla (versions up to 2.24 per CVE description, up to 2.26 per EUVD-2026-39438)
Unauthorized folder deletion in the K2 Extension for Joomla (versions 1.0 through 2.26) exposes a public-facing `item.ch
Unrestricted PHP file upload in K2 extension for Joomla (versions 1.0–2.26) enables any authenticated K2 Author to achie
Unrestricted file upload in K2 Extension for Joomla (versions 1.0 through 2.26) permits attackers to embed PHP scripts i
Stored cross-site scripting in K2 extension for Joomla (versions 1.0-2.26) allows an authenticated Author-tier user to i
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39439
GHSA-5hmf-7m33-2v23