[20260519] - Framework - Inadequate content filtering within the checkAttribute filter code

Project: Joomla!
SubProject: Framewok
Impact: Moderate
Severity: Moderate
Probability: Moderate
Versions: 3.0.0-5.4.5,6.0.0-6.1.0
Exploit type: XSS
Reported Date: 2026-04-21
Fixed Date: 2026-05-26
CVE Number: CVE-2026-48903

Description

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.

Affected Installs

Joomla! CMS versions 3.0.0-5.4.5,6.0.0-6.1.0

Solution

Upgrade to version 5.4.6,6.1.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: JSST