Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-48949— Joomla! Core - [20260703] - XSS in MFA method management

AI Predicted 5.4 Difficulty: Easy EPSS 0.27% · P19

Possible ATT&CK Techniques 1AI

T1189 · Drive-by Compromise

Affected Version Matrix 2

VendorProductVersion RangeStatus
Joomla! ProjectJoomla! CMS4.2.0-5.4.6affected
6.0.0-6.1.1affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-48949

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Joomla! Core - [20260703] - XSS in MFA method management
Source: NVD (National Vulnerability Database)
Vulnerability Description
Lack of validation leads to an XSS vulnerability in the MFA management views.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Joomla! ProjectJoomla! CMS 4.2.0-5.4.6 -

II. Public POCs for CVE-2026-48949

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-48949

登录查看更多情报信息。

Vendor Advisories for CVE-2026-48949 (1)

Same Patch Batch · Joomla! Project · 2026-07-07 · 12 CVEs total

CVE-2026-48956Joomla! Core - [20260710] - Incorrect Access Control in com_modules
CVE-2026-48948Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download
CVE-2026-48957Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints
CVE-2026-48952Joomla! Core - [20260706] - XSS in com_installer
CVE-2026-48947Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints
CVE-2026-48953Joomla! Core - [20260707] - XSS in the generic image output layout
CVE-2026-48950Joomla! Core - [20260704] - XSS in com_templates
CVE-2026-48954Joomla! Core - [20260708] - XSS through language overrides
CVE-2026-48958Joomla! Core - [20260712] - Incorrect Access Control in com_fields webservice endpoints
CVE-2026-48955Joomla! Core - [20260709] - Incorrect Access Control in com_workflow
CVE-2026-48951Joomla! Core - [20260705] - XSS in various modalreturn layouts

IV. Related Vulnerabilities

V. Comments for CVE-2026-48949

No comments yet


Leave a comment