PT-2018-11346 · Joomla · Joomla!
Borja Lorenzo
·
Published
2018-06-26
·
Updated
2018-08-20
·
CVE-2018-12711
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Joomla! versions 1.6.0 through 3.8.8
Description
A cross-site scripting (XSS) issue was found in the language switcher module. The link of the current language may contain unescaped HTML special characters, potentially leading to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.
Recommendations
For Joomla! versions 1.6.0 through 3.8.8, update to version 3.8.9 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Joomla!