CVE-2026-23900

Phoca Maps component for Joomla (versions 5.0.0–6.0.2) contains stored XSS in the maps- and icon rendering logic. This is documented across CVE sources (NVD, Red Hat, EUVD, CIRCL, CVE List) with a CVSS v3.1 base score of 6.5 (Medium) and no exploitation details provided. The root cause is not exp...