vulnerability

Joomla!: [20180602] - Core - XSS vulnerability in language switcher module (CVE-2018-12711)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jun 26, 2018	Jun 27, 2018	Nov 27, 2024

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jun 26, 2018

Added

Jun 27, 2018

Modified

Nov 27, 2024

Description

An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.

Solution

joomla-upgrade-3_8_9

References

CVE-2018-12711
https://attackerkb.com/topics/CVE-2018-12711
URL-http://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today