Vulnerability Description
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joomla | Joomla\! | < 3.8.8 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104268Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040966Third Party AdvisoryVDB Entry
- https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerabilityVendor Advisory
- http://www.securityfocus.com/bid/104268Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040966Third Party AdvisoryVDB Entry
- https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerabilityVendor Advisory
FAQ
What is CVE-2018-6378?
CVE-2018-6378 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.
How severe is CVE-2018-6378?
CVE-2018-6378 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6378?
Check the references section above for vendor advisories and patch information. Affected products include: Joomla Joomla\!.