CVE-2026-21631 MEDIUM

CVE-2026-21631: Joomla! Core - [20260303] - XSS vector in com_associations comparison view

Vendor Joomla! Project
Product Joomla! CMS
Weakness CWE-79 · XSS
Published April 1, 2026
Last update April 2, 2026
View on NVD All CVEs

CVSS base score

5.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U

What the vulnerability does

Description

Lack of output escaping leads to a XSS vector in the multilingual associations component.

Key dates

Disclosure timeline

April 1, 2026 CVE published
April 2, 2026 Record updated