Description

An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.

Remediation

References

CVE-2018-12711

Related Vulnerabilities

WordPress Plugin Eyes Only:User Access Shortcode Cross-Site Scripting (1.8.2)

WordPress Plugin Subscriptions & Memberships for PayPal Cross-Site Scripting (1.1.2)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9788)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.38)

Python CVE-2019-9636 Vulnerability (CVE-2019-9636)

Severity

Medium

Classification

CVE-2018-12711 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities