Description

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.

Remediation

References

CVE-2020-13763

Related Vulnerabilities

WordPress Plugin Elements For Elementor Local File Inclusion (2.1)

WordPress Plugin WordPress Download Manager Arbitrary File Upload (2.8.97)

Envoy Proxy Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-27492)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5026)

SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-28956)

Severity

High

Classification

CVE-2020-13763 CWE-281 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities