XSS in Phoca.cz - Phoca Maps For Joomla

CVE-2026-23900

Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (2.5th percentile) — read the EPSS interpretation.