Vulnerability Name: CVE-2018-12711 (CCN-145549)
Assigned: 2018-06-26
Published: 2018-06-26
Updated: 2018-08-20
Summary: An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.
CVSS v3 Severity:
6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Vulnerability Type: CWE-79
Vulnerability Consequences: Cross-Site Scripting
References:
Source: MITRE Type: CNA CVE-2018-12711
Source: BID Type: Third Party Advisory, VDB Entry 104565
Source: CCN Type: BID-104565 Joomla! Core CVE-2018-12711 Cross Site Scripting Vulnerability
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1041244
Source: CCN Type: Joomla! Developer Web site Core - XSS vulnerability in language switcher module
Source: CONFIRM Type: Vendor Advisory https://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module
Source: XF Type: UNKNOWN joomla-core-cve201812711-xss(145549)
Source: CCN Type: WhiteSource Vulnerability Database CVE-2018-12711
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable