Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2661 articles · 174855 vulns · 37/41 feeds (7d)
← Back to list
7.5
CVE-2026-48952EXPLOITEDPATCHED
joomla · joomla

Joomla! Core - [20260706] - XSS in com_installer

Description

Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.

Affected Products

VendorProductVersions
joomlajoomla4.0.0-5.4.6, 6.0.0-6.1.1

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
open sourcejoomlacert_advisory90%

References

  • https://developer.joomla.org/security-centre/1060-20260706-core-xss-in-com-installer.html(vendor-advisory)

Related News (4 articles)

Tier B
BSI Advisories4d ago
[UPDATE] [mittel] Joomla: Mehrere Schwachstellen
→ No new info (linked only)
Tier B
BSI Advisories5d ago
[NEU] [hoch] Joomla: Mehrere Schwachstellen
→ No new info (linked only)
Tier B
CERT-FR5d ago
Multiples vulnérabilités dans Joomla! (08 juillet 2026)
→ No new info (linked only)
Tier C
VulDB5d ago
CVE-2026-48952 | Joomla! Project Joomla! CMS up to 5.4.6/6.1.1 Update List View cross site scripting
→ No new info (linked only)
CVSS 3.17.5 NONE
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
https://developer.joomla.org/security-centre/1060-20260706-core-xss-in-com-installer.html
CWECWE-79
PublishedJul 7, 2026
Last enriched5d agov2
Tags
information disclosurecross-site scriptingdata manipulation
Trending Score26
Source articles4
Independent3
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

NONECVE-2026-48939EXPKEV
Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15
Trending: 135
NONECVE-2026-48950EXP
Joomla! Core - [20260704] - XSS in com_templates
Trending: 28
NONECVE-2019-25748EXP
Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels
Trending: 2
NONECVE-2017-20282EXP
Joomla! Component jCart for OpenCart 2.0 SQL Injection
Trending: 2
NONECVE-2017-20273EXP
Joomla Event Registration Pro Calendar 4.1.3 SQL Injection
Trending: 2

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 7, 2026
Discovered by ZDM
Jul 7, 2026
Updated: severity, cvssEstimate, activelyExploited
Jul 7, 2026
Actively Exploited
Jul 8, 2026
Patch Available
Jul 8, 2026

Version History

v2
Last enriched 5d ago
v2Tier C5d ago

Updated severity to HIGH, added CVSS estimate of 7.5, and marked the vulnerability as actively exploited.

severitycvssEstimateactivelyExploited
via VulDB
v15d ago

Initial creation