CVE-2019-16725

MEDIUM

Joomla! <3.9.12 - XSS

Title source: llm

Description

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.

References (1)

Scores

CVSS v3 6.1
EPSS 0.0393
EPSS Percentile 88.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status published

Affected Products (2)

joomla/joomla\! < 3.9.12
joomla/joomla-cms < 3.9.12Packagist

Timeline

Published Sep 24, 2019
Tracked Since Feb 18, 2026