[20190201] - Core - Lack of URL filtering in various core components

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 2.5.0 through 3.9.2
Exploit type: XSS
Reported Date: 2018-November-13
Fixed Date: 2019-February-12
CVE Number: CVE-2019-7744

Description

Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.2

Solution

Upgrade to version 3.9.3

Contact

The JSST at the Joomla! Security Centre.

Reported By: Antonin Steinhauser