XSS Vulnerability in Joomla's Generic Image Output Layout
CVE-2026-48953
5.9MEDIUM
What is CVE-2026-48953?
A Cross-Site Scripting (XSS) vulnerability exists in Joomla’s generic image output layout due to a lack of proper escaping of user-supplied data. This flaw allows an attacker to inject malicious scripts, which can be executed in the context of the user’s browser, potentially compromising user credentials and sensitive information.
Affected Version(s)
Joomla! CMS 4.0.0-5.4.6
Joomla! CMS 6.0.0-6.1.1