– Core – XSS Vulnerability
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.2.0 through 3.6.5
- Exploit type: XSS
- Reported Date: 2016-February-28
- Fixed Date: 2017-April-25
- CVE Number: CVE-2017-7987
Inadequate escaping of file and folder names leads to XSS vulnerabilites in the template manager component.
Joomla! CMS versions 3.2.0 through 3.6.5
Upgrade to version 3.7.0
The JSST at the Joomla! Security Centre.