Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-48951— Joomla! Core - [20260705] - XSS in various modalreturn layouts

AI Predicted 6.1 Difficulty: Easy

Possible ATT&CK Techniques 1AI

T1189 · Drive-by Compromise

Affected Version Matrix 2

VendorProductVersion RangeStatus
Joomla! ProjectJoomla! CMS4.0.0-5.4.6affected
6.0.0-6.1.1affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-48951

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Joomla! Core - [20260705] - XSS in various modalreturn layouts
Source: NVD (National Vulnerability Database)
Vulnerability Description
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Joomla! ProjectJoomla! CMS 4.0.0-5.4.6 -

II. Public POCs for CVE-2026-48951

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-48951

登录查看更多情报信息。

Vendor Advisories for CVE-2026-48951 (1)

Same Patch Batch · Joomla! Project · 2026-07-07 · 12 CVEs total

CVE-2026-48956Joomla! Core - [20260710] - Incorrect Access Control in com_modules
CVE-2026-48948Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download
CVE-2026-48949Joomla! Core - [20260703] - XSS in MFA method management
CVE-2026-48957Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints
CVE-2026-48952Joomla! Core - [20260706] - XSS in com_installer
CVE-2026-48947Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints
CVE-2026-48953Joomla! Core - [20260707] - XSS in the generic image output layout
CVE-2026-48950Joomla! Core - [20260704] - XSS in com_templates
CVE-2026-48954Joomla! Core - [20260708] - XSS through language overrides
CVE-2026-48958Joomla! Core - [20260712] - Incorrect Access Control in com_fields webservice endpoints
CVE-2026-48955Joomla! Core - [20260709] - Incorrect Access Control in com_workflow

IV. Related Vulnerabilities

V. Comments for CVE-2026-48951

No comments yet


Leave a comment