Lack of output escaping leads to an XSS vector in the content history component.
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
Lack of input filtering leads to an XSS vector in the HTML filter code.
Lack of output escaping leads to an XSS vector in the feed modules.
Lack of output escaping leads to an XSS vector in the readmore links for com_content.
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.
Lack of output escaping for article titles leads to XSS vectors in various locations.
Lack of output escaping leads to an XSS vector in the multilingual associations component.
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to an XSS vulnerability.
An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to an XSS vulnerability.
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on the error page.
An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views leads to XSS attack vectors.
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to XSS issues.
Various module chromes didn't properly process inputs, leading to XSS vectors.
Lack of output escaping in the id attribute of menu lists.
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new MFA selection screen.
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media.
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.
The wrapper extensions do not correctly validate inputs, leading to XSS vectors.
The Custom Fields component does not correctly filter inputs, leading to an XSS vector.
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.
Inadequate content filtering leads to XSS vulnerabilities in various components.
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.
Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components.
Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions.
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages shown to users could lead to XSS issues.
Lack of output escaping leads to an XSS vector in the pagebreak plugin.