XSS in Chronoengine.com Chronoforms Extension For Joomla
CVE-2026-58148
The Joomla extension ChronoForms is vulnerable to an unauthenticated stored XSS vulnerability.
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Chronoengine.com Chronoforms Extension For Joomla — versions 1.0-8.0.52
Weakness classification (CWE)
References
- security@joomla.org (product)