Skip to main content

Joomla! CMS EUVDEUVD-2026-42070

| CVE-2026-48952 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-07 Joomla GHSA-h46f-m4f9-8xcq
5.9
CVSS 4.0 · Vendor: Joomla
Share

Severity by source

Vendor (Joomla) PRIMARY
5.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.8 MEDIUM

Network-delivered XSS requires admin authentication (PR:H) and user interaction (UI:R); scope changes to victim browser context (S:C) with limited C/I impact from session exposure.

3.1 AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Joomla).

CVSS VectorVendor: Joomla

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
P
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 07, 2026 - 19:00 vuln.today

DescriptionCVE.org

Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.

AnalysisAI

Cross-site scripting in Joomla! CMS's com_installer component exposes the administrator backend to script injection via the update list view, stemming from missing output escaping (CWE-79). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain or compromise Joomla admin credentials
Delivery
Authenticate to administrator backend
Exploit
Inject unescaped payload into update list data
Execution
Victim admin loads com_installer update list view
Persist
XSS executes in admin browser
Impact
Steal session token or perform unauthorized admin actions

Vulnerability AssessmentAI

Exploitation Exploitation requires that the attacker already hold or have compromised a Joomla account with high administrator privileges (PR:H per CVSS 4.0 vector) - standard contributor or registered user accounts are insufficient. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 5.9 with vector AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N reflects a meaningful but access-gated vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained a high-privilege Joomla administrator account - through credential theft, phishing, or brute force - manipulates update-related data visible in the com_installer update list view to inject a malicious JavaScript payload. When a legitimate administrator next browses the update list, the unescaped payload executes in their browser, enabling session token theft or triggering unauthorized administrative actions on their behalf. …
Remediation Consult the Joomla security advisory at https://developer.joomla.org/security-centre/1060-20260706-core-xss-in-com-installer.html for the exact patched release version and apply the vendor-released update; a specific fixed version number is not confirmed from the available input data and should not be assumed. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-48902 CRITICAL
9.8 May 26

Transport encryption downgrade in Joomla! CMS password and username reset workflows causes reset links to be generated w

CVE-2026-23898 HIGH
8.6 Apr 01

Arbitrary file deletion in Joomla! CMS com_joomlaupdate component via the autoupdate server mechanism allows remote atta

CVE-2026-35223 HIGH
8.6 May 26

Authorization bypass in Joomla CMS com_config webservice endpoints allows authenticated attackers with high privileges t

CVE-2026-23899 HIGH POC
8.6 Apr 01

Improper access control in Joomla! CMS webservice endpoints allows unauthorized attackers to bypass authentication and a

CVE-2026-48897 HIGH
8.2 May 26

Authentication bypass in Joomla! CMS 4.0.0-5.4.5 and 6.0.0-6.1.0 allows remote attackers to circumvent multi-factor auth

CVE-2026-48896 HIGH
8.2 May 26

Two-factor authentication bypass in Joomla! CMS versions 4.0.0-5.4.5 and 6.0.0-6.1.0 allows remote attackers to circumve

CVE-2026-48904 HIGH
8.2 May 26

Privilege escalation in Joomla! CMS versions 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0 allows remote attackers to abus

CVE-2026-48898 HIGH
8.2 May 26

Privilege escalation in Joomla! CMS versions 4.0.0-5.4.5 and 6.0.0-6.1.0 allows remote attackers to abuse the com_users

CVE-2026-48901 HIGH
7.5 May 26

Information disclosure in Joomla! CMS arises because InputFilter::getInstance() builds its instance cache key without in

CVE-2026-40383 HIGH
7.5 May 26

Local file inclusion in Joomla! CMS versions 3.2.1 through 5.4.5 and 6.0.0 through 6.1.0 allows authenticated high-privi

CVE-2026-25901 MEDIUM
6.9 May 26

Cross-site scripting in Joomla! CMS's multilingual associations component (com_associations) allows an authenticated hig

CVE-2026-25900 MEDIUM
6.9 May 26

Stored cross-site scripting in Joomla! CMS feed modules allows a high-privileged authenticated attacker to inject unsani

Share

EUVD-2026-42070 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy