CVE-2026-21624
Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
16 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
Stackideas.com · EasyDiscuss extension for JoomlaWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://stackideas.com/easydiscuss