{"api_version":"1","generated_at":"2026-04-28T05:45:44+00:00","cve":"CVE-2018-12711","urls":{"html":"https://cve.report/CVE-2018-12711","api":"https://cve.report/api/cve/CVE-2018-12711.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-12711","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-12711"},"summary":{"title":"CVE-2018-12711","description":"An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-06-26 19:29:00","updated_at":"2018-08-20 13:48:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module","name":"https://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"[20180602] - Core - XSS vulnerability in language switcher module","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1041244","name":"1041244","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Joomla! Input Validation Flaw in Language Switcher Module Lets Remote Users Conduct Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104565","name":"104565","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Joomla! Core CVE-2018-12711 Cross Site Scripting Vulnerabilitiy","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-12711","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12711","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"12711","vulnerable":"1","versionEndIncluding":"3.8.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"joomla","cpe5":"joomla!","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"12711","vulnerable":"1","versionEndIncluding":"3.8.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"joomla","cpe5":"joomla\\!","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-12711","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"104565","refsource":"BID","url":"http://www.securityfocus.com/bid/104565"},{"name":"https://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module","refsource":"CONFIRM","url":"https://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module"},{"name":"1041244","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041244"}]}},"nvd":{"publishedDate":"2018-06-26 19:29:00","lastModifiedDate":"2018-08-20 13:48:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.0","versionEndIncluding":"3.8.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"12711","Ordinal":"129340","Title":"CVE-2018-12711","CVE":"CVE-2018-12711","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"12711","Ordinal":"1","NoteData":"An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"12711","Ordinal":"2","NoteData":"2018-06-26","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"12711","Ordinal":"3","NoteData":"2018-07-12","Type":"Other","Title":"Modified"}]}}}