An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24599
Reference (s):
- https://developer.joomla.org/security-centre/824-20200801-core-xss-in-mod-latestactions