Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2666 articles · 174691 vulns · 37/41 feeds (7d)
← Back to list
—
CVE-2026-48950EXPLOITEDPATCHED
joomla · joomla

Joomla! Core - [20260704] - XSS in com_templates

Description

Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.

Affected Products

VendorProductVersions
joomlajoomla4.0.0-5.4.6, 6.0.0-6.1.1

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
open sourcejoomlacert_advisory90%

References

  • https://developer.joomla.org/security-centre/1058-20260704-core-xss-in-com-templates.html(vendor-advisory)

Related News (3 articles)

Tier B
BSI Advisories5d ago
[NEU] [hoch] Joomla: Mehrere Schwachstellen
→ No new info (linked only)
Tier B
CERT-FR5d ago
Multiples vulnérabilités dans Joomla! (08 juillet 2026)
→ No new info (linked only)
Tier C
VulDB5d ago
CVE-2026-48950 | Joomla! Project Joomla! CMS up to 5.4.6/6.1.1 File Management View default.php cross site scripting
→ No new info (linked only)
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
https://developer.joomla.org/security-centre/1058-20260704-core-xss-in-com-templates.html
CWECWE-79
PublishedJul 7, 2026
Last enriched5d agov2
Trending Score28
Source articles3
Independent3
Info Completeness8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

NONECVE-2026-48939EXPKEV
Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15
Trending: 129
NONECVE-2026-48952EXP
Joomla! Core - [20260706] - XSS in com_installer
Trending: 26
NONECVE-2019-25748EXP
Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels
Trending: 2
NONECVE-2017-20282EXP
Joomla! Component jCart for OpenCart 2.0 SQL Injection
Trending: 2
NONECVE-2017-20273EXP
Joomla Event Registration Pro Calendar 4.1.3 SQL Injection
Trending: 2

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 7, 2026
Discovered by ZDM
Jul 7, 2026
Updated: description, severity, activelyExploited
Jul 7, 2026
Actively Exploited
Jul 8, 2026
Patch Available
Jul 8, 2026

Version History

v2
Last enriched 5d ago
v2Tier C5d ago

Updated description with more technical detail, changed severity to HIGH, and noted that there is no available exploit.

descriptionseverityactivelyExploited
via VulDB
v15d ago

Initial creation