CVE-2026-30894
Received Received - Intake
Cross-Site Scripting in Joomla Content History

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: Joomla! Project

Description
Lack of output escaping leads to a XSS vector in the content history component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-26
Generated
2026-05-26
AI Q&A
2026-05-26
EPSS Evaluated
N/A
NVD
CVE-2026-30894
EUVD
EUVD-2026-31872
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
joomla cms From 3.0.0 (inc) to 5.4.5 (inc)
joomla cms From 6.0.0 (inc) to 6.1.0 (inc)
joomla cms 5.4.6
joomla cms 6.1.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-30894 is a Cross-Site Scripting (XSS) vulnerability in the Joomla! CMS. It occurs because the content history component does not properly escape output, which allows attackers to inject and execute malicious scripts.


How can this vulnerability impact me? :

This vulnerability can allow attackers to execute malicious scripts in the context of the affected Joomla! CMS site. This can lead to unauthorized actions, theft of sensitive information, session hijacking, or other malicious activities. However, the probability of exploitation is considered low and the severity is moderate.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is a Cross-Site Scripting (XSS) issue in the content history component of Joomla! CMS caused by insufficient output escaping.

Detection typically involves verifying the Joomla! CMS version in use to determine if it falls within the affected ranges (3.0.0 through 5.4.5 and 6.0.0 through 6.1.0).

No specific detection commands are provided in the available resources.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, users should upgrade Joomla! CMS to version 5.4.6 or 6.1.1 or later, where the issue has been fixed.

Contacting the Joomla! Security Strike Team (JSST) at the Joomla! Security Centre is recommended for further assistance.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart