PatchSiren

getk2.org CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM | getk2.org | CVE published 2026-06-25

CVE-2026-48942

CVE-2026-48942 is a medium-severity vulnerability in K2, a Joomla extension, affecting versions ≤ 2.26. Attackers can inject malicious HTML into the `#__k2_users.image` column via two distinct templates that do not apply proper HTML escaping, which could lead to cross-site scripting (XSS) attacks. The CVE was published on June 25, 2026, and last modified on June 28, 2026.