CVE-2026-21624

Critical CVSS: 9.4

Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.

Vendor

Product

CWE

Yayın Tarihi

2026-01-16 15:15:54

Güncelleme

2026-01-30 18:43:24

Source Identifier

security@joomla.org

KEV Date Added

CWE-79 Easydiscuss CRITICAL Stackideas 2026

https://stackideas.com/easydiscuss

Critical

CVE-2026-21626

Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violatio…

Medium

CVE-2026-21625

User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by…

Critical

CVE-2026-21623

Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component…