CVE-2026-57833 PUBLISHED

Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2

Assigner: Joomla
Reserved: 25.06.2026 Published: 15.07.2026 Updated: 15.07.2026

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.6

Product Status

Vendor weeblr.com
Product 4Analytics extension for Joomla
Versions Default: unaffected
  • Version 1.0-5.0.1 is affected

Credits

  • Yannick Gaultier finder

References

Problem Types

  • CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE

Impacts

  • CAPEC-18 XSS Targeting Non-Script Elements