Skip to main content

4Analytics Extension For Joomla

2 CVEs product

Monthly

CVE-2026-58077 HIGH This Week

Unauthenticated stored cross-site scripting in the 4Analytics analytics extension for Joomla (by weeblr.com) lets a remote attacker inject persistent JavaScript through a specially crafted request, with no login required. Because the payload is stored and later rendered in a privileged context, it can escalate to full website takeover under some conditions. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

XSS 4Analytics Extension For Joomla
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-57833 HIGH This Week

Stored cross-site scripting in the 4Analytics privacy analytics extension for Joomla (by weeblr.com) lets unauthenticated attackers inject persistent JavaScript that executes when a victim views the AI analysis feature. Because injection requires no authentication (PR:N) but execution requires a victim to open the affected view (UI:A), an attacker can seed malicious script that later runs in a privileged operator's browser session. There is no public exploit identified at time of analysis and the extension is not listed in CISA KEV.

XSS 4Analytics Extension For Joomla
NVD
CVSS 4.0
8.6
EPSS
0.4%
EPSS 0% CVSS 8.7
HIGH This Week

Unauthenticated stored cross-site scripting in the 4Analytics analytics extension for Joomla (by weeblr.com) lets a remote attacker inject persistent JavaScript through a specially crafted request, with no login required. Because the payload is stored and later rendered in a privileged context, it can escalate to full website takeover under some conditions. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

XSS 4Analytics Extension For Joomla
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Stored cross-site scripting in the 4Analytics privacy analytics extension for Joomla (by weeblr.com) lets unauthenticated attackers inject persistent JavaScript that executes when a victim views the AI analysis feature. Because injection requires no authentication (PR:N) but execution requires a victim to open the affected view (UI:A), an attacker can seed malicious script that later runs in a privileged operator's browser session. There is no public exploit identified at time of analysis and the extension is not listed in CISA KEV.

XSS 4Analytics Extension For Joomla
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy