Joomla Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2018-11328

An issue was discovered in Joomla Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used) a lack of escaping the user-info component of the URI could result in an XSS vulnerability.