Description

An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability.

Remediation

References

CVE-2021-26035

Related Vulnerabilities

WordPress Plugin ABC Test 'id' Parameter Cross-Site Scripting (0.1)

Drupal Core 9.4.x Security Bypass (9.4.0 - 9.4.2)

Oracle Application Server Credentials Management Errors Vulnerability (CVE-2004-1366)

WordPress Plugin NextGEN Gallery-WordPress Gallery Privilege Escalation (3.2.2)

WordPress Plugin NextGEN Gallery-WordPress Gallery 'swfupload.swf' Cross-Site Scripting (1.9.7)

Severity

Medium

Classification

CVE-2021-26035 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities