An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.
References
Configurations
Information
Published : 2021-05-26 04:15
Updated : 2021-05-28 09:19
NVD link : CVE-2021-26032
Mitre link : CVE-2021-26032
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
joomla
- joomla\!