CVE-2018-12711
MEDIUMJoomla! 1.6.0-3.8.8 - Reflected Cross-Site Scripting in Language Switcher Module
Title source: llmDescription
An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104565
Vendor Advisory x_refsource_confirm
https://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041244
Scores
CVSS v3
6.1
EPSS
0.0124
EPSS Percentile
79.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
joomla/joomla\!
1.6.0 - 3.8.8
Published
Jun 26, 2018
Tracked Since
Feb 18, 2026