According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.19. It is, therefore, affected by multiple vulnerabilities :
Lack of input validation in the heading tag option of the "Articles – Newsflash" and "Articles - Categories" modules allow Cross-Site Scripting (XSS) attacks. (CVE-2020-13761)
The default settings of the global textfilter configuration doesn’t block HTML inputs for Guest users. (CVE-2020-13763)
Incorrect input validation of the module tag option in com_modules allow Cross-Site Scripting (XSS) attacks. (CVE-2020-13762)
Two Cross-Site Scripting (XSS) vulnerabilities in jQuery. (CVE-2020-11022 / CVE-2020-11023)
Missing token checks in com_postinstall cause CSRF vulnerabilities. (CVE-2020-13760)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13760
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13761
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13762
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13763
developer.joomla.org/security-centre/813-20200601-core-xss-in-modules-heading-tag-option.html
developer.joomla.org/security-centre/814-20200602-core-inconsistent-default-textfilter-settings.html
developer.joomla.org/security-centre/815-20200603-core-xss-in-com-modules-tag-options.html
developer.joomla.org/security-centre/816-20200604-core-xss-in-jquery-htmlprefilter.html
developer.joomla.org/security-centre/817-20200605-core-csrf-in-com-postinstall.html
www.joomla.org/announcements/release-news/5812-joomla-3-9-19.html