Description

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.

Remediation

References

CVE-2020-13763

Related Vulnerabilities

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-11812)

WordPress Plugin Slider by 10Web-Responsive Image Slider Unspecified Vulnerability (1.1.9)

WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2)

WordPress Plugin dsSearchAgent:WordPress Edition Cross-Site Scripting (1.0-beta10)

WordPress Plugin WP Fastest Cache Arbitrary File Deletion (0.8.9.0)

Severity

High

Classification

CVE-2020-13763 CWE-281 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities