An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.
References
Link | Resource |
---|---|
https://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module | Vendor Advisory |
http://www.securityfocus.com/bid/104565 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1041244 | VDB Entry Third Party Advisory |
Configurations
Information
Published : 2018-06-26 12:29
Updated : 2018-08-20 06:48
NVD link : CVE-2018-12711
Mitre link : CVE-2018-12711
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
joomla
- joomla\!