XSS Vulnerability in Joomla Core Language Override Feature
CVE-2026-48954

5.9MEDIUM

Key Information:

Vendor

Joomla

Vendor
CVE Published:
7 July 2026

What is CVE-2026-48954?

The Joomla Core has a security weakness stemming from improper validation within its language override feature. This flaw can be exploited to facilitate a generic Cross-Site Scripting (XSS) attack, allowing malicious actors to inject harmful scripts into web pages viewed by unsuspecting users. Such vulnerabilities can lead to privacy breaches, session hijacking, and other malicious exploits, posing a significant risk to both site administrators and visitors.

Affected Version(s)

Joomla! CMS 3.0.0-5.4.6

Joomla! CMS 6.0.0-6.1.1

References

CVSS V4

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Morris Baumgarten-Egemole
.