A vulnerability was found in Joomla! that affects all versions from 2.5.0 to 3.9.1. The affected code is part of the mod_banners component. Manipulation of an unknown input leads to a cross-site scripting vulnerability.
The issue is classified as CWE-80. It has an impact on integrity. An attacker might be able to inject arbitrary HTML and script code into the website. This would alter the site's appearance and would make it possible to initiate further attacks against site visitors.
CVE-2019-6264
Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
It is highly recommended to update Joomla! to version 3.9.2, which is not affected.
Related recent vulnerabilities
CVE-2019-6261
Inadequate escaping in com_contact leads to a stored XSS vulnerability. Affects 2.5.0 through 3.9.1.
CVE-2019-6262
Inadequate checks of the Global Configuration helpurl settings allowed a stored XSS. Affects 2.5.0 through 3.9.1.
CVE-2019-6263
Inadequate checks of the Global Configuration Text Filter settings allowed a stored XSS. Affects 2.5.0 through 3.9.1.