XSS in Joomla! Project Cms
CVE-2026-48950
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Joomla! Project Cms — versions 4.0.0-5.4.6, 6.0.0-6.1.1
Weakness classification (CWE)
References
- security@joomla.org (vendor-advisory)