Joomla Core - Escape xss in logo parameter error pages
Impact: Low
Severity: Low
Versions: 3.0.0 - 3.9.25
Exploit type: XSS
Reported Date: 2021-03-09
Fixed Date: 2021-04-13
CVE Number: CVE-2021-26030
Description
Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.25
Solution
Upgrade to version 3.9.26