Joomla · Joomla! · CVE-2018-12711
**Name of the Vulnerable Software and Affected Versions**
Joomla! versions 1.6.0 through 3.8.8
**Description**
A cross-site scripting (XSS) issue was found in the language switcher module. The link of the current language may contain unescaped HTML special characters, potentially leading to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.
**Recommendations**
For Joomla! versions 1.6.0 through 3.8.8, update to version 3.8.9 or later to resolve the issue.