Extension - phoca.cz - Stored XSS vectors in Phoca Maps component 5.0.0 - 6.0.2 for Joomla

CVE	CVE-2026-23900
State	PUBLISHED
Assigner	Joomla
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-04-11 14:16:03 UTC
Updated	2026-04-11 14:16:03 UTC
Description	Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered.

Problem Types: CWE-79 | CWE-79 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Source	Vendor	Product	Version	Platforms
CNA	Phoca.cz	Phoca.cz - Phoca Maps For Joomla	affected 5.0.0-6.0.2	Not specified

Reference	Source	Link	Tags
phoca.cz	[email protected]	phoca.cz
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

CNA: Felipe Monteiro (en)

CNA: Leandro Vallim (en)

There are currently no legacy QID mappings associated with this CVE.