Details
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the “Articles – Newsflash” and “Articles – Categories” modules allows XSS.
Vulnerable Systems:
Joomla! before 3.9.19
CVE Information:
Disclosure Timeline:
Published Date:6/2/2020