XSS Vulnerability in Joomla's Generic Image Output Layout
CVE-2026-48953

5.9MEDIUM

Key Information:

Vendor

Joomla

Vendor
CVE Published:
7 July 2026

What is CVE-2026-48953?

A Cross-Site Scripting (XSS) vulnerability exists in Joomla’s generic image output layout due to a lack of proper escaping of user-supplied data. This flaw allows an attacker to inject malicious scripts, which can be executed in the context of the user’s browser, potentially compromising user credentials and sensitive information.

Affected Version(s)

Joomla! CMS 4.0.0-5.4.6

Joomla! CMS 6.0.0-6.1.1

References

CVSS V4

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pavel Kohout, Aisle Research
.