Description
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.
Remediation
References
Related Vulnerabilities
WordPress Plugin Pressbooks Cross-Site Scripting (2.4.2)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5610)
WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker SQL Injection (7.1.11)
WordPress Plugin Simple File List Arbitrary File Upload (4.2.2)