{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/joomla-versions-6.x-ant%C3%A9rieures-%C3%A0-6.1.2/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"id":"CVE-2026-48949"},{"id":"CVE-2026-48954"},{"id":"CVE-2026-48948"},{"id":"CVE-2026-48955"},{"id":"CVE-2026-48957"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Joomla! (versions 6.x antérieures à 6.1.2)","Joomla! (versions antérieures à 5.4.7)"],"_cs_severities":["high"],"_cs_tags":["web-vulnerability","xss","access-control","cms","joomla"],"_cs_type":"advisory","_cs_vendors":["Joomla!"],"content_html":"\u003cp\u003eOn July 8, 2026, the French National Cybersecurity Agency (ANSSI) CERT-FR issued an advisory detailing multiple vulnerabilities impacting the Joomla! Content Management System. These flaws affect Joomla! 6.x versions earlier than 6.1.2 and Joomla! 5.x versions earlier than 5.4.7. The vulnerabilities encompass various Cross-Site Scripting (XSS) issues and several instances of incorrect access control within components like \u003ccode\u003ecom-media-webservice-endpoints\u003c/code\u003e, \u003ccode\u003ecom-contact-vcf-download\u003c/code\u003e, \u003ccode\u003ecom-workflow\u003c/code\u003e, \u003ccode\u003ecom-modules\u003c/code\u003e, \u003ccode\u003ecom-privacy-webservice-endpoints\u003c/code\u003e, and \u003ccode\u003ecom-fields-webservice-endpoints\u003c/code\u003e. Successful exploitation could lead to breaches of data confidentiality, compromises of data integrity, remote indirect code injection, and a general bypass of security policies, potentially granting unauthorized access or control over the affected Joomla! instance and its data. Organizations running vulnerable versions of Joomla! are urged to apply patches immediately to mitigate these risks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated or low-privileged attacker identifies a vulnerable Joomla! instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting specific Joomla! components, such as \u003ccode\u003ecom-templates\u003c/code\u003e or \u003ccode\u003ecom-installer\u003c/code\u003e, containing XSS payloads.\u003c/li\u003e\n\u003cli\u003eThe crafted request leverages the XSS vulnerability (e.g., CVE-2026-48949, CVE-2026-48950, CVE-2026-48951, CVE-2026-48952, CVE-2026-48953, CVE-2026-48954) to inject malicious client-side script into web pages viewed by other users, including administrators.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker exploits incorrect access control vulnerabilities (e.g., CVE-2026-48947, CVE-2026-48948, CVE-2026-48955, CVE-2026-48956, CVE-2026-48957, CVE-2026-48958) in various webservice endpoints or components.\u003c/li\u003e\n\u003cli\u003eThrough XSS, the attacker compromises legitimate user sessions, potentially stealing cookies, session tokens, or performing actions on behalf of the victim.\u003c/li\u003e\n\u003cli\u003eThrough incorrect access control, the attacker gains unauthorized access to sensitive data, modifies system configurations, or manipulates content, leading to data confidentiality and integrity breaches.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe identified vulnerabilities could result in significant damage to affected organizations. Successful exploitation of the Cross-Site Scripting (XSS) flaws can lead to session hijacking, defacement, or redirection, potentially exposing administrative credentials or sensitive user data. The incorrect access control vulnerabilities could allow unauthorized users to view, modify, or delete critical information, leading to data breaches or integrity compromises. While no specific victim count or targeted sectors were detailed in the advisory, any organization utilizing vulnerable Joomla! versions is at risk of unauthorized data access, website defacement, and potential regulatory non-compliance due to data exposure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrioritize patching all affected Joomla! installations to versions 6.1.2 or later, or 5.4.7 or later, as recommended in the CERTFR-2026-AVI-0847 advisory.\u003c/li\u003e\n\u003cli\u003eReview web server access logs for unusual requests containing script-like characters in parameters, especially for URLs related to \u003ccode\u003ecom-templates\u003c/code\u003e, \u003ccode\u003ecom-installer\u003c/code\u003e, or other components mentioned in the Joomla! security bulletins.\u003c/li\u003e\n\u003cli\u003eImplement a robust Web Application Firewall (WAF) to detect and block malicious requests attempting to exploit CVE-2026-48949, CVE-2026-48950, CVE-2026-48951, CVE-2026-48952, CVE-2026-48953, and CVE-2026-48954.\u003c/li\u003e\n\u003cli\u003eRegularly back up Joomla! databases and file systems to ensure data integrity can be restored in case of a successful exploit leading to data corruption or loss.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-08T14:15:17Z","date_published":"2026-07-08T14:15:17Z","id":"https://feed.craftedsignal.io/briefs/2026-07-joomla-multi-vulnerabilities/","summary":"Multiple vulnerabilities, including several Cross-Site Scripting (XSS) flaws and incorrect access control issues, have been discovered in Joomla! versions 6.x prior to 6.1.2 and 5.x prior to 5.4.7, which could allow an attacker to bypass security policies, compromise data confidentiality and integrity, and perform remote indirect code injection.","title":"Multiple Vulnerabilities Discovered in Joomla! CMS","url":"https://feed.craftedsignal.io/briefs/2026-07-joomla-multi-vulnerabilities/"}],"language":"en","title":"CraftedSignal Threat Feed - Joomla! (Versions 6.x Antérieures À 6.1.2)","version":"https://jsonfeed.org/version/1.1"}