Description In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. Remediation References CVE-2019-15028 Related Vulnerabilities Oracle Application Server Other Vulnerability (CVE-2007-1609) PHP-Fusion Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-1806) Drupal Deserialization of Untrusted Data Vulnerability (CVE-2019-6338) Moodle Other Vulnerability (CVE-2007-1647) WordPress Plugin WordPress Leads Cross-Site Scripting (1.6.2) Severity Medium Classification CVE-2019-15028 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities