Sign in Subscribe

← All advisories

Medium severity5.4NVD Advisory· Published Apr 1, 2026· Updated Apr 9, 2026

CVE-2026-21632

CVE-2026-21632

Description

Lack of output escaping for article titles leads to XSS vectors in various locations.

Affected products

1

Joomla/Joomla!
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
Range: >=3.0.0,<5.4.4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

developer.joomla.org/security-centre/1030-20260304-core-xss-vectors-in-various-article-title-outputs.htmlnvdVendor Advisory

News mentions

2

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
The Hacker News · May 16, 2026
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
The Hacker News · Apr 23, 2026