Description
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
Remediation
References
Related Vulnerabilities
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.5)
WordPress Plugin Booking Calendar-Appointment Booking-BookIt Unspecified Vulnerability (2.3.8)
Rukovoditel Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2023-53913)