BIT-JOOMLA-2021-23124 [20210102] - Core - XSS in mod_breadcrumbs aria-label attribute

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in modbreadcrumbs aria-label attribute allows XSS attacks...

Joomla! Cross-Site Scripting (CVE-2021-23124)

A stored cross-site scripting vulnerability exists in Joomla! CMS Core. The vulnerability is due to improper validation of the title parameter in the modbreadcrumbs module. A remote, authenticated attacker can exploit the vulnerability by sending a crafted request to the server...

Joomla 3.0.x < 3.9.24 Multiple Vulnerabilities (5830-joomla-3-9-24)

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 3.9.24. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of...

CVE-2021-23124

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in modbreadcrumbs aria-label attribute allows XSS attacks...

Cross site scripting

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in modbreadcrumbs aria-label attribute allows XSS attacks...

CVE-2021-23124

CVE-2021-23124 affects Joomla! 3.9.0–3.9.23, due to lack of escaping in the mod_breadcrumbs aria-label attribute, which allows cross-site scripting (XSS). The issue is documented across multiple feeds (NVD, OSV, CNVD, osv.dev) with consolidated descriptions. Exploitation would involve crafting in...

CVE-2021-23124 [20210102] - Core - XSS in mod_breadcrumbs aria-label attribute

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in modbreadcrumbs aria-label attribute allows XSS attacks...

[20210102] - Core - XSS in mod_breadcrumbs aria-label attribute

Lack of escaping in modbreadcrumbs aria-label attribute allows XSS attacks...