- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 1.5.0 through 3.8.7
- Exploit type: XSS
- Reported Date: 2017-October-28
- Fixed Date: 2018-May-22
- CVE Number: CVE-2018-6378
Inadequate filtering of file and folder names lead to various XSS attack vectors in the media manager.
Joomla! CMS versions 1.5.0 through 3.8.7
Upgrade to version 3.8.8
The JSST at the Joomla! Security Centre.
Reported By: David Jardin, JSST