[20260303] - Core - XSS vector in com_associations comparison view

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Moderate
Probability: Low
Versions: 4.0.0-5.4.3, 6.0.0-6.0.3
Exploit type: XSS
Reported Date: 2026-03-11
Fixed Date: 2026-03-31
CVE Number: CVE-2026-21631

Description

Lack of output escaping leads to a XSS vector in the multilingual associations component

Affected Installs

Joomla! CMS versions 4.0.0-5.4.3, 6.0.0-6.0.3

Solution

Upgrade to version 5.4.4 or 6.0.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Shirsendu Mondal & Md Tanzimul Alam Fahim, UNC Pembroke