← Back
2026-05-26 16:46CVE-2026-48903Joomla
PUBLISHED5.2CWE-79

Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.

Problem type

Affected products

Joomla! Project

Joomla! Framework Filter package

1.0.0-3.0.5 - AFFECTED

4.0.0-4.0.1 - AFFECTED

References

developer.joomla.org

https://developer.joomla.org/security-centre/1051-20260519-framework-inadequate-content-filtering-within-the-checkattribute-filter-code.html

vendor-advisory

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-48903
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-48903",
    "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
    "assignerShortName": "Joomla",
    "dateUpdated": "2026-05-26T16:46:05.152Z",
    "dateReserved": "2026-05-26T10:06:17.656Z",
    "datePublished": "2026-05-26T16:46:05.152Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "shortName": "Joomla",
        "dateUpdated": "2026-05-26T16:46:05.152Z"
      },
      "title": "Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.",
      "descriptions": [
        {
          "lang": "en",
          "value": "Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components."
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "Joomla! Project",
          "product": "Joomla! Framework Filter package",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "1.0.0-3.0.5",
              "status": "affected"
            },
            {
              "version": "4.0.0-4.0.1",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
              "cweId": "CWE-79",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://developer.joomla.org/security-centre/1051-20260519-framework-inadequate-content-filtering-within-the-checkattribute-filter-code.html",
          "tags": [
            "vendor-advisory"
          ]
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-18",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-18 XSS Targeting Non-Script Elements"
            }
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "JSST",
          "type": "finder"
        }
      ]
    }
  }
}