Cross-Site Scripting Vulnerability in Joomla! Content History Component
CVE-2026-30894

6.9MEDIUM

Key Information:

Vendor

Joomla
Status
Joomla! Cms
Vendor
CVE Published:
26 May 2026

What is CVE-2026-30894?

The Joomla! Content History Component is vulnerable to Cross-Site Scripting due to inadequate escaping of output. This flaw allows attackers to inject malicious scripts, which can be executed in the browser of users viewing the content history. By exploiting this vulnerability, an attacker can potentially manipulate user sessions or redirect users to malicious websites. It's crucial for users and administrators to apply the latest security patches and implement best practices for web security to mitigate these risks.

Affected Version(s)

Joomla! CMS 3.0.0-5.4.5

Joomla! CMS 6.0.0-6.1.0

References

https://developer.joomla.org/security-centre/1035-2026050...
vendor-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phan Phan Hai Long
.