CVE-2026-21631 — Cross-site Scripting in Joomla !

Severity

5.9MEDIUMNVD

EPSS

0.0%

top 99.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 1

Description

Lack of output escaping leads to a XSS vector in the multilingual associations component.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

▶NVDjoomla/joomla_!3.0.0 — 5.4.4+1

▶CVEListV5joomla!_project/joomla!_cms4.0.0-5.4.3, 6.0.0-6.0.3+1

GHSA

GHSA-24p2-2h4q-gmhf: Lack of output escaping leads to a XSS vector in the multilingual associations component↗2026-04-01

▶

CVEList

Joomla! Core - [20260303] - XSS vector in com_associations comparison view↗2026-04-01

▶

Wiz

CVE-2026-21631 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶