Description
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.
Remediation
References
Related Vulnerabilities
WordPress Plugin DethemeKit For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.5.5.4)
Joomla CVE-2022-27911 Vulnerability (CVE-2022-27911)
MySQL CVE-2012-3144 Vulnerability (CVE-2012-3144)
WordPress Plugin April's Super Functions Pack Cross-Site Scripting (1.4.7)
WordPress Plugin WooCommerce Instamojo Cross-Site Scripting (0.0.6)