XSS Vulnerability in Joomla Core Language Override Feature
CVE-2026-48954
5.9MEDIUM
What is CVE-2026-48954?
The Joomla Core has a security weakness stemming from improper validation within its language override feature. This flaw can be exploited to facilitate a generic Cross-Site Scripting (XSS) attack, allowing malicious actors to inject harmful scripts into web pages viewed by unsuspecting users. Such vulnerabilities can lead to privacy breaches, session hijacking, and other malicious exploits, posing a significant risk to both site administrators and visitors.
Affected Version(s)
Joomla! CMS 3.0.0-5.4.6
Joomla! CMS 6.0.0-6.1.1