Description
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
Remediation
References
Related Vulnerabilities
Django Improper Input Validation Vulnerability (CVE-2019-3498)
Skipper Unintended Proxy or Intermediary ('Confused Deputy') Vulnerability (CVE-2026-24470)
WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-34305)