Lucene search

[email protected]CVE-2018-12711

HistoryJun 26, 2018 - 7:29 p.m.

CVE-2018-12711

2018-06-2619:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2018-12711

xss

joomla

reflective xss

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.015 Low

EPSS

Percentile

87.2%

JSON

An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.

Affected configurations

NVD

Node

joomlajoomla\!Range1.6.0–3.8.8

CPENameOperatorVersion
joomla:joomla\!joomla joomla!le3.8.8

CPE	Name	Operator	Version
joomla:joomla\!	joomla joomla!	le	3.8.8

References

www.securityfocus.com/bid/104565

www.securitytracker.com/id/1041244

developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.015 Low

EPSS

Percentile

87.2%

JSON

Related for CVE-2018-12711

openvas1 joomla1 nvd1 cvelist1 prion1 osv1 nessus1