A vulnerability was found in Joomla! that affects all versions from 2.5.0 to 3.9.1. The affected code is part of the mod_banners component. Manipulation with an unknown input leads to a cross-site scripting vulnerability.
The issue is classified as CWE-80. It has an impact on integrity. An attacker might be able to inject arbitrary HTML and script code into the web site. This would alter the appearance of the site and make it possible to initiate further attacks against site visitors.
Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
It is highly recommended to update Joomla! to version 3.9.2, which is not affected.
Related recent vulnerabilities
Inadequate escaping in com_contact leads to a stored XSS vulnerability. Affects 2.5.0 through 3.9.1.
Inadequate checks of the Global Configuration helpurl settings allowed a stored XSS. Affects 2.5.0 through 3.9.1.
Inadequate checks of the Global Configuration Text Filter settings allowed a stored XSS. Affects 2.5.0 through 3.9.1.