[20180802] - Core - Stored XSS vulnerability in the frontend profile

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 1.5.0 through 3.8.11
Exploit type: XSS
Reported Date: 2018-July-10
Fixed Date: 2018-August-28
CVE Number: CVE-2018-15880

Description

Inadequate output filtering on the user profile page could lead to a stored XSS attack.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.11

Solution

Upgrade to version 3.8.12

Contact

The JSST at the Joomla! Security Centre.

Reported By: Fouad Maakor