• Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 3.7.0 through 3.8.3
  • Exploit type: XSS
  • Reported Date: 2018-January-20
  • Fixed Date: 2018-January-30
  • CVE Number: CVE-2018-6377


Inadequate input filtering in com_fields leads to a XSS vulnerability in multiple field types, i.e. list, radio and checkbox.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.3


Upgrade to version 3.8.4


The JSST at the Joomla! Security Centre.

Reported By: Benjamin Trenkle, JSST