CERT-FR warns of multiple cross-site scripting vulnerabilities affecting the Joomla! content management system. The flaws allow an attacker to carry out remote indirect code injection (XSS). Affected releases include Joomla! CMS versions 3.9.x through 5.x prior to 5.4.2 and 6.x prior to 6.0.2. The alert cites Joomla! security bulletins 1016-20260101 and 1017-20260102, published on 6 January 2026, and the CVE identifiers CVE-2025-63082 and CVE-2025-63083. The issues stem from inadequate content filtering for data URLs and an XSS vector in the PageBreak plugin. Website administrators are advised to consult the vendor's security bulletin, available on the Joomla! security center, for patch details. The alert was issued by CERT-FR on 7 January 2026.
Summary of content from https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0008/