Description
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
Remediation
References
Related Vulnerabilities
Drupal Core 8.x Multiple Security Bypass Vulnerabilities (8.0.0 - 8.3.6)
WordPress Plugin Per page add to head Cross-Site Scripting (1.4.4)
Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-9840)
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)
WordPress Plugin More from Google Cross-Site Scripting (0.0.2)