[20210102] - Core - XSS in mod_breadcrumbs aria-label attribute
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions:3.9.0 - 3.9.23 Exploit type: XSS Reported Date: 2020-09-01 Fixed Date: 2021-01-12 CVE Number: CVE-2021-23124 Description Lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks. Affected Installs Joomla! CMS versions 3.9.0 - 3.9.23 Solution Upgrade to version 3.9.24 Contact The JSST at the Joomla! Security Centre. Reported By: Šarūnas Paulauskas
- Zugriffe: 335