Description An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS. Remediation References CVE-2019-9714 Related Vulnerabilities TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12748) WordPress Plugin Shariff for WordPress Cross-Site Scripting (1.0.7) TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4629) MySQL CVE-2017-10286 Vulnerability (CVE-2017-10286) WordPress Plugin Shortcoder-Create Shortcodes for Anything Security Bypass (6.3) Severity Medium Classification CVE-2019-9714 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities