CVE-2026-48905 MEDIUM

CVE-2026-48905: Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.

Vendor Joomla! Project

Product Joomla! Framework Filter package

Weakness CWE-79 · XSS

Published May 26, 2026

Last update May 27, 2026

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

Description

Lack of input filtering leads to an XSS vector in the HTML filter code.

Key dates

May 26, 2026 CVE published

May 27, 2026 Record updated

CVE CVE-2026-48905

CWE CWE-79

CVSS 6.9 / MEDIUM

Vendor Joomla! Project

Product Joomla! Framework Filter package

Affected 1.0.0-3.0.5

Vendor Joomla! Project

Product Joomla! Framework Filter package

Affected 4.0.0-4.0.1