CVE-2018-12711

Sažetak

An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.

Reference

http://www.securityfocus.com/bid/104565
http://www.securitytracker.com/id/1041244
https://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

20-08-2018 - 13:48

Objavljeno

26-06-2018 - 19:29