BIT-JOOMLA-2026-30895 Joomla! Core - [20260504] - XSS in readmore links

Lack of output escaping leads to a XSS vector in the readmore links for comcontent...

CVE-2026-30895 Joomla! Core - [20260504] - XSS in readmore links

Lack of output escaping leads to a XSS vector in the readmore links for comcontent...

CVE-2026-30895 Joomla! Core - [20260504] - XSS in readmore links

Lack of output escaping leads to a XSS vector in the readmore links for comcontent...

EUVD-2026-31874

Lack of output escaping leads to a XSS vector in the readmore links for comcontent...

CVE-2026-30895

CVE-2026-30895 affects Joomla! Core (component: com_content). The root cause is lack of output escaping in readmore links, enabling a XSS vector. CVSS 4.0 base score 6.9 (MEDIUM) with attack vector NETWORK, high privileges required, passive user interaction. Public references point to Joomla secu...

CVE-2026-21630 Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint

Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...

CVE-2026-21630

Joomla! Core SQL injection vulnerability identified in the com_content articles webservice endpoint affecting Joomla! CMS versions 4.0.0–5.4.3 and 6.0.0–6.0.3. The connected document specifies the vulnerability type and affected versions; no exploitation status or remediation details are provided...

[20260302] - Core - SQL injection in com_content articles webservice endpoint

Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...

CVE-2020-24598

An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of comcontent leads to an open redirect...

CVE-2015-7899

The comcontent component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors...