Description
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.
Remediation
References
Related Vulnerabilities
WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0)
WordPress Plugin Comments-wpDiscuz Cross-Site Request Forgery (7.3.3)
Oracle HTTP Server Other Vulnerability (CVE-2006-5346)
Joomla CVE-2006-4469 Vulnerability (CVE-2006-4469)
WordPress Plugin Facebook for WordPress PHP Object Injection (2.2.2)