Overview :
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
Affected Product(s) :
  • Joomla! 3.x before 3.9.12
Vulnerability Details :
CVE ID : CVE-2019-16725
Inadequate escaping allowed XSS attacks using the logo parameter of the default templates.

Solution :

Upgrade to version 3.9.12