CVE-2018-12711: XSS
First published: Tue Jun 26 2018(Updated: )
An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joomla | >=1.6.0<=3.8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-12711?
CVE-2018-12711 is classified as a high severity vulnerability due to its potential for reflective cross-site scripting (XSS) attacks.
How do I fix CVE-2018-12711?
To fix CVE-2018-12711, upgrade Joomla! to version 3.8.9 or later where the vulnerability is patched.
What versions of Joomla! are affected by CVE-2018-12711?
CVE-2018-12711 affects Joomla! versions from 1.6.0 to 3.8.8.
What type of vulnerability is CVE-2018-12711?
CVE-2018-12711 is an XSS (cross-site scripting) vulnerability found in the language switcher module of Joomla!.
Can CVE-2018-12711 be exploited remotely?
Yes, CVE-2018-12711 can be exploited remotely if an attacker can craft a malicious link that exploits the unescaped HTML special characters.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/joomla
- canonical/joomla
- version/joomla/1.6.0
- version/joomla/3.8.8