Description
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
Remediation
References
Related Vulnerabilities
WordPress Plugin Nextend Google Connect Cross-Site Scripting (1.5.2)
WordPress Plugin YARPP-Yet Another Related Posts Local File Inclusion (5.30.3)
PHP Out-of-bounds Read Vulnerability (CVE-2019-9024)
Apache Tomcat CVE-2017-5651 Vulnerability (CVE-2017-5651)
Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-1042)