CVE-2018-11328 — Cross-site Scripting in Joomla !
Severity
4.7MEDIUMNVD
EPSS
0.1%
top 82.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 22
Latest updateMay 14
Description
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.7