Description
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.
Remediation
References
Related Vulnerabilities
WordPress Plugin AddToAny Share Buttons Cross-Site Scripting (1.6.6)
WordPress Plugin Subscribe To Comments Reloaded Cross-Site Scripting (150611)
WordPress Plugin 4k Icons for Visual Composer-Free Cross-Site Scripting (1.0)
WordPress Plugin CYSTEME Finder, the admin files explorer Cross-Site Request Forgery (1.4)