2 matches found
CVE-2021-26032
CVE-2021-26032 affects Joomla! 3.0.0–3.9.26. The issue is that HTML was missing from the executable block list checked by MediaHelper::canUpload, enabling cross-site scripting (XSS) vectors. The vulnerability stems from insufficient input filtering in that code path, allowing injected HTML/script...
Joomla! 3.x < 3.9.27 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.9.27. It is, therefore, affected by multiple vulnerabilities. - HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. CVE-2021-26032...