XSS Vulnerability in Joomla's Multilingual Associations Component
CVE-2026-25901

6.9 MEDIUM

Key Information:

Vendor: Joomla

CVE Published: 26 May 2026

What is CVE-2026-25901?

A cross-site scripting (XSS) vulnerability has been identified in the multilingual associations component of Joomla. This issue arises from inadequate output escaping, allowing attackers to inject malicious scripts into the web application. Exploitation of this vulnerability could result in unauthorized access, data theft, or session hijacking. Website administrators are urged to assess their installations and apply appropriate security measures as detailed in the vendor advisory.

Affected Version(s)

Joomla! CMS 4.0.0-5.4.5

Joomla! CMS 6.0.0-6.1.0

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

vnth4nhnt from CyStack.