An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.Referenceshttp://www.securityfocus.com/bid/106638https://developer.joomla.org/security-centre/760-20190101-core-stored-xss-in-mod-banners
