Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-11328


An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.


Published

2018-05-22T15:29:00.543

Last Modified

2024-11-21T03:43:08.893

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.7 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

4.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application joomla joomla\! < 3.8.8 Yes

References