Joomla 3.0.x < 3.9.12 Joomla 3.9.12 Release (5776-joomla-3-9-12)
Medium Nessus Plugin ID 129303
SynopsisA PHP application running on the remote web server is affected by a vulnerability.
DescriptionAccording to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 3.9.12. It is, therefore, affected by a vulnerability.
- Inadequate escaping allowed XSS attacks using the logo parameter of the default templates. (CVE-2019-16725)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Joomla! version 3.9.12 or later.