CVE-2026-23900
Received
Received - Intake
Stored XSS in Phoca Maps 5.0.0-6.0.2 Icon Rendering
Publication date: 2026-04-11
Last updated on: 2026-04-17
Assigner: Joomla! Project
Description
Description
Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoca | maps | From 5.0.0 (inc) to 6.0.2 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves various stored Cross-Site Scripting (XSS) issues in the maps and icon rendering logic of the Phoca Maps component versions 5.0.0 to 6.0.2.
How can this vulnerability impact me? :
Stored XSS vulnerabilities can allow attackers to inject malicious scripts that are permanently stored on the affected system. When other users access the affected maps or icons, these scripts can execute in their browsers, potentially leading to session hijacking, data theft, or other malicious actions.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70