XSS Vulnerability in Joomla Framework Affects Multiple Components
CVE-2026-48903

6.9MEDIUM

Key Information:

Vendor: Joomla
Status: Joomla! Framework Filter Package
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-48903?

A serious Cross-Site Scripting (XSS) vulnerability has been identified in the Joomla Framework due to inadequate content filtering within the checkAttribute methods. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user data and site integrity across various components. It emphasizes the importance of robust input validation and content sanitization in web applications to protect against unauthorized access and exploitation.

Affected Version(s)

Joomla! Framework Filter package 1.0.0-3.0.5

Joomla! Framework Filter package 4.0.0-4.0.1

References

https://developer.joomla.org/security-centre/1051-2026051...

vendor-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 26, 2026

Credit

JSST

CVE-2026-48903 Data

JSON