CVE-2018-11328 - OpenCVE

An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Joomla	Joomla\!

Configuration 1 [-]

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104269
http://www.securitytracker.com/id/1040966
https://developer.joomla.org/security-centre/736-20180508-core-possible-xss-attack-in-the-redirect-method.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-22T15:00:00

Updated: 2024-08-05T08:01:52.872Z

Reserved: 2018-05-21T00:00:00

Link: CVE-2018-11328

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-05-22T15:29:00.543

Modified: 2018-06-22T16:17:14.570

Link: CVE-2018-11328

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-05-22T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-27T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "104269", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104269"}, {"tags": ["x_refsource_MISC"], "url": "https://developer.joomla.org/security-centre/736-20180508-core-possible-xss-attack-in-the-redirect-method.html"}, {"name": "1040966", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040966"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11328", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "104269", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104269"}, {"name": "https://developer.joomla.org/security-centre/736-20180508-core-possible-xss-attack-in-the-redirect-method.html", "refsource": "MISC", "url": "https://developer.joomla.org/security-centre/736-20180508-core-possible-xss-attack-in-the-redirect-method.html"}, {"name": "1040966", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040966"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:01:52.872Z"}, "title": "CVE Program Container", "references": [{"name": "104269", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104269"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://developer.joomla.org/security-centre/736-20180508-core-possible-xss-attack-in-the-redirect-method.html"}, {"name": "1040966", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040966"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11328", "datePublished": "2018-05-22T15:00:00", "dateReserved": "2018-05-21T00:00:00", "dateUpdated": "2024-08-05T08:01:52.872Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3E86007-2360-4688-B08B-C4A9563CE251", "versionEndExcluding": "3.8.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability."}, {"lang": "es", "value": "Se ha descubierto un problema en Joomla! Core en versiones anteriores a la 3.8.8. En circunstancias concretas, (una redirecci\u00f3n enviada con un URI que contiene un nombre de usuario y contrase\u00f1a cuando no se puede emplear la cabecera Location:), la falta de escape del componente user-info del URI podr\u00eda resultar en una vulnerabilidad de Cross-Site Scripting (XSS)."}], "id": "CVE-2018-11328", "lastModified": "2018-06-22T16:17:14.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-22T15:29:00.543", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104269"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040966"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://developer.joomla.org/security-centre/736-20180508-core-possible-xss-attack-in-the-redirect-method.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}