• Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Moderate
  • Versions: 3.0.0 through 3.8.7
  • Exploit type:XSS
  • Reported Date:2018-February-02 & 2018-March-27
  • Fixed Date: 2018-May-22
  • CVE Number: CVE-2018-11326


Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.8.7


Upgrade to version 3.8.8

Additional Resources


The JSST at the Joomla! Security Centre.

Reported By: Kai Zhao of 3H Security Team & Zhouyuan Yang (FortiGuard Labs)