Assigner | Joomla |
Reserved | 2024-01-01 |
Published | 2024-02-20 |
Updated | 2024-07-21 |
Description
Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components.
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
4.0.0-4.4.2
5.0.0-5.0.2
Credits
Gareth Heyes (PortSwigger Research)
References
https://developer.joomla.org/security-centre/928-20240204-core-xss-in-mail-address-outputs.html