Description
An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.
Remediation
References
Related Vulnerabilities
WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-20420)
WordPress Plugin Video Comments Webcam Recorder Cross-Site Scripting (1.55)
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-23620)
WordPress Plugin QIWI payment module for Woocommerce Cross-Site Scripting (0.0.9)