XSS Vulnerability in Joomla MFA Management Views
CVE-2026-48949

5.9MEDIUM

Key Information:

Vendor

Joomla

Vendor
CVE Published:
7 July 2026

What is CVE-2026-48949?

A vulnerability exists in the MFA management views of Joomla that allows an attacker to exploit a lack of proper input validation. This XSS flaw could enable unauthorized users to execute scripts in the context of another user's session, posing a security risk. It’s essential for Joomla users to take immediate action to safeguard their applications by applying the latest updates and employing best practices in web security.

Affected Version(s)

Joomla! CMS 4.2.0-5.4.6

Joomla! CMS 6.0.0-6.1.1

References

CVSS V4

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jorian Woltjer
.