CVE-2019-16725 — Cross-site Scripting in Joomla !

Severity

6.1MEDIUMNVD

EPSS

3.9%

top 11.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedSep 24

Latest updateMay 24

Description

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶NVDjoomla/joomla_!3.0.0 — 3.9.12

▶Packagistjoomla/joomla-cms3.0.0 — 3.9.12

GHSA

Joomla! XSS in Default Templates↗2022-05-24

▶

OSV

Joomla! XSS in Default Templates↗2022-05-24

▶

CVEList

CVE-2019-16725: In Joomla! 3↗2019-09-24

▶