CVE-2026-48954
Joomla! Core - [20260708] - XSS through language overrides
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Improper validation leads to a generic XSS vector in the language override feature.
| CWE | CWE-79 |
| Vendor | joomla! project |
| Product | joomla! cms |
| Published | Jul 7, 2026 |
| Last Updated | Jul 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for joomla! project joomla! cms
Be the first to know when new unknown vulnerabilities affecting joomla! project joomla! cms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Joomla! Project / Joomla! CMS
3.0.0-5.4.6 6.0.0-6.1.1
References
Credits
Morris Baumgarten-Egemole