CVE-2026-48942 - Joomla Extension - getk2.com - Stored-XSS in K2 extension for Joomla < 2.26
CVE ID :CVE-2026-48942
Published : June 25, 2026, 3:23 p.m. | 1 hour, 18 minutes ago
Description :K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : June 25, 2026, 3:23 p.m. | 1 hour, 18 minutes ago
Description :K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...