XSS Vulnerability in Joomla's Content Filtering Mechanism
CVE-2026-48905

6.9 MEDIUM

Key Information:

Vendor: Joomla
CVE Published: 26 May 2026

What is CVE-2026-48905?

This vulnerability arises from insufficient input filtering in Joomla's HTML filter code, potentially allowing an attacker to inject malicious scripts. By exploiting this flaw, attackers can execute arbitrary scripts in the context of users' browsers, compromising the integrity and confidentiality of user data. Proper validation and sanitization mechanisms are necessary to mitigate such risks and enhance the overall security posture of Joomla applications.

Affected Version(s)

Joomla! Framework Filter package 1.0.0-3.0.5

Joomla! Framework Filter package 4.0.0-4.0.1

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jesper Nl