Description
An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.
Remediation
References
Related Vulnerabilities
Jetty Weak Authentication Vulnerability (CVE-2023-41900)
Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5083)
WordPress Plugin Kadence WooCommerce Email Designer PHP Object Injection (1.5.6)
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17)
Apache HTTP Server Resource Management Errors Vulnerability (CVE-2016-8740)