nvd-json-data-feeds/CVE-2018/CVE-2018-127xx/CVE-2018-12711.json

{
  "id": "CVE-2018-12711",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2018-06-26T19:29:00.250",
  "lastModified": "2018-08-20T13:48:27.037",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de Cross-Site Scripting (XSS) en el m\u00f3dulo language switcher en Joomla! desde la versi\u00f3n 1.6.0 hasta la 3.8.8 anterior a la 3.8.9. En algunos casos, el enlace del idioma actual podr\u00eda contener caracteres especiales HTML no escapados. Esto podr\u00eda conducir a Cross-Site Scripting (XSS) reflejado mediante la inyecci\u00f3n de par\u00e1metros arbitrarios y/o valores en la URL de la p\u00e1gina actual."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "1.6.0",
              "versionEndIncluding": "3.8.8",
              "matchCriteriaId": "8ADA2861-2F9F-409F-A652-EA6D24BD9535"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/104565",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1041244",
      "source": "cve@mitre.org",
      "tags": [
        "VDB Entry",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}