Description An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS. Remediation References CVE-2019-9711 Related Vulnerabilities PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-8383) WordPress Plugin Easy Justified Gallery Cross-Site Scripting (1.0.8) WordPress Plugin WooCommerce Anti-Fraud Security Bypass (3.2) WordPress Plugin WHMCS Bridge Cross-Site Scripting (6.2) e107 Other Vulnerability (CVE-2004-2040) Severity Medium Classification CVE-2019-9711 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Tags Missing Update Known Vulnerabilities