
Description

Various stored XSS vulnerabilities have been discovered in the map and icon rendering logic of the Phoca Maps component, versions 5.0.0-6.0.2.

PUBLISHED Reserved 2026-01-17 | Published 2026-04-11 | Updated 2026-04-14 | Assigner Joomla

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status: unaffected

5.0.0-6.0.2: affected

Credits

Felipe Monteiro (finder)

Leandro Vallim (finder)

References

phoca.cz/ product

cve.org (CVE-2026-23900)

nvd.nist.gov (CVE-2026-23900)
