Description An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS. Remediation References CVE-2019-9714 Related Vulnerabilities PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1643) WordPress Plugin WP Telegram (Auto Post and Notifications) Unspecified Vulnerability (2.1.8) SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-0557) WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) Cross-Site Scripting (1.1.1) WordPress Plugin WordPress Social Ring (Facebook Like, Google +1, ReTweet, LinkedIn and Pin It) Cross-Site Scripting (1.1.9) Severity Medium Classification CVE-2019-9714 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities