Description

An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.

Remediation

References

CVE-2019-7742

Related Vulnerabilities

WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-20420)

WordPress Plugin Video Comments Webcam Recorder Cross-Site Scripting (1.55)

XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-23620)

WordPress Plugin QIWI payment module for Woocommerce Cross-Site Scripting (0.0.9)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-4586)

Severity

Medium

Classification

CVE-2019-7742 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities