CVE-2026-48905

Description

Lack of input filtering leads to an XSS vector in the HTML filter code.

PUBLISHED Reserved 2026-05-26 | Published 2026-05-26 | Updated 2026-05-27 | Assigner Joomla

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

Jesper den Boer finder

References

developer.joomla.org/...the-cleanattributes-filter-code.html vendor-advisory

cve.org (CVE-2026-48905)

nvd.nist.gov (CVE-2026-48905)

Download JSON