Description
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.
Remediation
References
Related Vulnerabilities
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-7128)
Oracle Application Server Other Vulnerability (CVE-2006-5358)
WordPress Plugin Ad-Manager Open Redirect (1.1.2)
WordPress Plugin Count per Day Information Disclosure (3.2.5)
WordPress Plugin Related Posts Multiple Cross-Site Request Forgery Vulnerabilities (1.0)