Cross-Site Scripting Vulnerability in Joomla Article Titles by Joomla
CVE-2026-21632

5.9MEDIUM

Key Information:

Vendor: Joomla
Status: Joomla! Cms
Vendor: CVE Published:; 1 April 2026

What is CVE-2026-21632?

A cross-site scripting vulnerability exists due to inadequate output escaping for article titles in Joomla. This oversight can be exploited in multiple output locations, enabling attackers to inject malicious scripts that execute in the context of the user's browser. If exploited, this could lead to unauthorized actions taken on behalf of the user, data theft, or website defacement. It is vital for Joomla users to apply appropriate security measures to mitigate this vulnerability.

Affected Version(s)

Joomla! CMS 4.0.0-5.4.3

Joomla! CMS 6.0.0-6.0.3

References

https://developer.joomla.org/security-centre/1030-2026030...

vendor-advisory

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Jan 1, 2026

Credit

peterhulst

CVE-2026-21632 Data

JSON