Description In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. Remediation References CVE-2018-6380 Related Vulnerabilities WordPress Plugin Contact Form 7 Cross-Site Scripting (4.0.1) Ruby on Rails CVE-2015-3227 Vulnerability (CVE-2015-3227) WordPress Plugin Gallery-Flagallery Photo Portfolio SQL Injection and Information Disclosure Vulnerabilities (0.59) PHP HTTP POST incorrect MIME header parsing vulnerability WordPress Plugin freetobook widget Unspecified Vulnerability (1.0.5) Severity Medium Classification CVE-2018-6380 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities