XSS Vulnerability in Joomla's Installer Component
CVE-2026-48952

5.9MEDIUM

Key Information:

Vendor

Joomla

Vendor
CVE Published:
7 July 2026

What is CVE-2026-48952?

An identified vulnerability in Joomla's com_installer component stems from insufficient escaping, enabling potential attackers to execute malicious scripts in the update list view. This flaw poses significant risks for Joomla websites, making them susceptible to XSS attacks, which may lead to unauthorized access and data compromise.

Affected Version(s)

Joomla! CMS 4.0.0-5.4.6

Joomla! CMS 6.0.0-6.1.1

References

CVSS V4

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

廖双
.