Description
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.
Remediation
References
Related Vulnerabilities
WordPress Plugin iThemes Security (formerly Better WP Security) Multiple Vulnerabilities (3.6.3)
WordPress Plugin DSGVO All in one for WP Cross-Site Scripting (4.1)
VMware directory traversal and privilege escalation vulnerabilities
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5382)
WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.1.5)