CVE-2026-23900

MEDIUM

Extension - phoca.cz - Stored XSS vectors in Phoca Maps component 5.0.0 - 6.0.2 for Joomla

Title source: cna
STIX 2.1

Description

Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered.

References (1)

Core 1
Core References
Product product
https://phoca.cz/

Scores

CVSS v3 6.5
EPSS 0.0025
EPSS Percentile 15.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
phoca/maps 5.0.0 - 6.0.2
phoca.cz/phoca.cz - Phoca Maps for Joomla 5.0.0-6.0.2
Published Apr 11, 2026
Tracked Since Apr 11, 2026