- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 1.5.0 through 3.8.11
- Exploit type: XSS
- Reported Date: 2018-July-10
- Fixed Date: 2018-August-28
- CVE Number: CVE-2018-15880
Description
Inadequate output filtering on the user profile page could lead to a stored XSS attack.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.11
Solution
Upgrade to version 3.8.12
Contact
The JSST at the Joomla! Security Centre.
Reported By: Roland Dalmulder, Perfect Web Team