CVE-2026-21624 CRITICAL

CVE-2026-21624: Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla

Vendor Stackideas.com

Product EasyDiscuss extension for Joomla

Weakness CWE-79 · XSS

Published January 16, 2026

Last update January 16, 2026

CVSS base score

9.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

Description

Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.

Key dates

January 16, 2026 CVE published

January 16, 2026 Record updated

CVE CVE-2026-21624

CWE CWE-79

CVSS 9.4 / CRITICAL

Vendor Stackideas.com

Product EasyDiscuss extension for Joomla

Affected 1.0.0-5.0.15