CVE-2019-16725 (joomla!)

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
Source: NIST
CVE-2019-16725 (joomla!)