CVE-2026-23900

CVE-2026-23900: Extension - phoca.cz - Stored XSS vectors in Phoca Maps component 5.0.0 - 6.0.2 for Joomla

Vendor Phoca.cz
Product phoca.cz - Phoca Maps for Joomla
Weakness CWE-79 · XSS
Published April 11, 2026
Last update April 14, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered.

Key dates

Disclosure timeline

April 11, 2026 CVE published
April 14, 2026 Record updated