Vulnerability in Joomla! Project Cms

CVE-2021-26030

An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page

EPSS: 0.824 (99.6th percentile) — read the EPSS interpretation.

Affected products

Joomla! Project Cms — versions 3.0.0-3.9.25

References

developer.joomla.org/security-centre/850-20210401-core-escape-xss-in-logo-param… (x_refsource_MISC, vendor-advisory)