CVE-2026-58148 PUBLISHED

Joomla Extension - chronoengine.com - Stored XSS in ChronoForms extension for Joomla < 8.0.53

Assigner: Joomla
Reserved: 29.06.2026 Published: 17.07.2026 Updated: 17.07.2026

The Joomla extension ChronoForms is vulnerable to an unauthenticated stored XSS vulnerability.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor chronoengine.com
Product ChronoForms extension for Joomla
Versions Default: unaffected
  • Version 1.0-8.0.52 is affected

Credits

  • Italo Almeida finder

References

Problem Types

  • CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE

Impacts

  • CAPEC-18 XSS Targeting Non-Script Elements