Description
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP-Print Cross-Site Request Forgery (2.51)
WordPress Other Vulnerability (CVE-2007-0539)
WordPress Plugin File Manager Cross-Site Request Forgery (3.0.1)
Internet Information Services Other Vulnerability (CVE-2002-0364)
Apache Tomcat URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-11784)