CVE-2026-21632 MEDIUM

CVE-2026-21632: Joomla! Core - [20260304] - XSS vectors in various article title outputs

Vendor Joomla! Project

Product Joomla! CMS

Weakness CWE-79 · XSS

Published April 1, 2026

Last update April 2, 2026

CVSS base score

5.9/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U

What the vulnerability does

Description

Lack of output escaping for article titles leads to XSS vectors in various locations.

Key dates

April 1, 2026 CVE published

April 2, 2026 Record updated

CVE CVE-2026-21632

CWE CWE-79

CVSS 5.9 / MEDIUM

Vendor Joomla! Project

Product Joomla! CMS

Affected 4.0.0-5.4.3

Vendor Joomla! Project

Product Joomla! CMS

Affected 6.0.0-6.0.3