[20180101] – Core – XSS vulnerability in module chromes

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers!

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 3.0.0 through 3.8.3
  • Exploit type: XSS
  • Reported Date: 2018-January-21
  • Fixed Date: 2018-January-30
  • CVE Number: CVE-2018-6380

Description

Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.8.3

Solution

Upgrade to version 3.8.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: David Jardin, JSST
Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers!

Comments are closed.