In some cases the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page url.
CPE | Name | Operator | Version |
---|---|---|---|
joomla! cms | lt | 3.8.9 |