[20180602] - Core - XSS vulnerability in language switcher module

Discussion regarding Joomla! 3.x security issues.

C0de_Reviewer
Joomla! Fledgling
Posts: 3
Joined: Fri Jul 06, 2018 1:33 pm

[20180602] - Core - XSS vulnerability in language switcher module

Post by C0de_Reviewer » Mon Jul 09, 2018 8:40 am

Hello. Can someone help in elaborating where I can view the -

[20180602] - Core - XSS vulnerability in language switcher module

in the source code of Joomla 3.7 version. I am unable to understand where the vulnerability exists.

AMurray
Joomla! Virtuoso
Posts: 3903
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: [20180602] - Core - XSS vulnerability in language switcher module

Post by AMurray » Mon Jul 09, 2018 9:03 am

I don't know the answer, but the solution is here:
https://developer.joomla.org/security-c ... odule.html

Why are you using 3.7 when the current version is 3.8.10?
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

C0de_Reviewer
Joomla! Fledgling
Posts: 3
Joined: Fri Jul 06, 2018 1:33 pm

Re: [20180602] - Core - XSS vulnerability in language switcher module

Post by C0de_Reviewer » Mon Jul 09, 2018 9:57 am

I want to analyse which part of the code is vulnerable to reflective XSS. The link does not give information as to where the reflective XSS is possible.

fcoulter
Joomla! Ace
Posts: 1684
Joined: Thu Sep 13, 2007 11:39 am
Location: UK

Re: [20180602] - Core - XSS vulnerability in language switcher module

Post by fcoulter » Mon Jul 09, 2018 10:57 am

> The link does not give information as to where the reflective XSS is possible.

Why do you think that is?

Answer: It is not the policy of the JSST to publicly discuss vulnerabilities in the Joomla core (even old ones).

And it is not the policy of this forum to allow such discussion; any such post will be immediately removed.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

C0de_Reviewer
Joomla! Fledgling
Posts: 3
Joined: Fri Jul 06, 2018 1:33 pm

Re: [20180602] - Core - XSS vulnerability in language switcher module

Post by C0de_Reviewer » Mon Jul 09, 2018 11:04 am

So is there any way I can find more about this vulnerability within the JSST policy?

fcoulter
Joomla! Ace
Posts: 1684
Joined: Thu Sep 13, 2007 11:39 am
Location: UK

Re: [20180602] - Core - XSS vulnerability in language switcher module

Post by fcoulter » Mon Jul 09, 2018 11:15 am

Not to my knowledge.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

mandville
Joomla! Master
Posts: 14694
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: [20180602] - Core - XSS vulnerability in language switcher module

Post by mandville » Mon Jul 09, 2018 11:46 am

See here: https://developer.joomla.org/security.html - it will give you something to read after you update your Joomla.
HU2HY- Poor questions = Poor answer
Unrequested help PMs will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

