BIT-JOOMLA-2026-25901 Joomla! Core - [20260502] - XSS in com_associations

Lack of output escaping leads to a XSS vector in the multilingual associations component...

CVE-2026-25901

CVE-2026-25901 affects Joomla! Core — specifically the multilingual associations component. The root cause is a lack of output escaping in com_associations, which creates a reflected/XSS vector when user-supplied content is rendered. Documented impact indicates potential for script execution that...

BIT-JOOMLA-2026-21631 Joomla! Core - [20260303] - XSS vector in com_associations comparison view

Lack of output escaping leads to a XSS vector in the multilingual associations component...

CVE-2026-21631

CVE-2026-21631 corresponds to a core Joomla XSS vulnerability in the com_associations comparison view. Affected Joomla versions are 4.0.0–5.4.3 and 6.0.0–6.0.3. The connected document specifies an XSS vector with no publicly provided exploit details, no mitigation or patch information, and no exp...

[20260303] - Core - XSS vector in com_associations comparison view

Lack of output escaping leads to a XSS vector in the multilingual associations component...