Open Source Matters · Joomla! · CVE-2019-12766
**Name of the Vulnerable Software and Affected Versions**
Joomla! versions prior to 3.9.7
**Description**
An issue was discovered where the subform fieldtype does not sufficiently filter or validate input of subfields, leading to XSS attack vectors.
**Recommendations**
For versions prior to 3.9.7, update to version 3.9.7 or later to resolve the issue.