| ID | CVE-2026-48942 | ||||||
| Sažetak | K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping. | ||||||
| Reference | |||||||
| CVSS |
|
||||||
| Pristup |
|
||||||
| Impact |
|
||||||
| CVSS vektor | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||||||
| Zadnje važnije ažuriranje | 28-06-2026 - 19:16 | ||||||
| Objavljeno | 25-06-2026 - 16:16 |
