vulnerability

Joomla!: [20180602] - Core - XSS vulnerability in language switcher module (CVE-2018-12711)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	2018-06-26	2018-06-27	2024-11-27

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

2018-06-26

Added

2018-06-27

Modified

2024-11-27

Description

An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.

Solution

joomla-upgrade-3_8_9

References

CVE-2018-12711
https://attackerkb.com/topics/CVE-2018-12711
URL-http://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today