Loading market data...
← Back to CVE feed

CVE-2026-48942

MEDIUM CVSS 6.1 View on NVD ↗

Description

K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Published: Jun 25, 2026 16:16 UTC Modified: Jun 25, 2026 19:14 UTC