CVE-2026-25900

Lack of output escaping leads to a XSS vector in the feed modules.

medium 6.1 CVSS 3.1
Published: May 26, 2026
Modified: May 27, 2026
Vendor: Joomla
Product: Joomla\!

Description

Lack of output escaping leads to a XSS vector in the feed modules.

References

Related CVEs

CVE-2026-48903 medium · 6.1
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
CVE-2026-48904 critical · 9.8
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
CVE-2026-48905 medium · 6.1
Lack of input filtering leads to an XSS vector in the HTML filter code.
CVE-2026-48896 high · 7.5
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-48897 high · 7.5
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-48898 critical · 9.8
An improper access check allows privilege escalation through the com_users batch task.