CVE-2026-23900

State: PUBLISHED · Published: 2026-04-11 · Updated: 2026-04-14 · Assigner: Joomla

Description

Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected

CVSS

References

Source

cvelistV5-main/cves/2026/23xxx/CVE-2026-23900.json