- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Moderate
- Versions: 3.0.0 through 3.8.7
- Exploit type:XSS
- Reported Date:2018-February-02 & 2018-March-27
- Fixed Date: 2018-May-22
- CVE Number: CVE-2018-XXXX
Description
Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.8.7
Solution
Upgrade to version 3.8.8
Additional Resources
Contact
The JSST at the Joomla! Security Centre.
Reported By: LL & Zhouyuan Yang (FortiGuard Labs)