Description In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. Remediation References CVE-2018-6380 Related Vulnerabilities WordPress Plugin Simple URLs-Link Cloaking, Product Displays, and Affiliate Link Management Multiple Vulnerabilities (114) WordPress Plugin Login with phone number Cross-Site Scripting (1.4.1) MySQL CVE-2020-2768 Vulnerability (CVE-2020-2768) WordPress Plugin Brizy-Page Builder Security Bypass (2.4.44) WordPress Plugin Testimonial-Best Testimonial Slider Cross-Site Scripting (2.1.6) Severity Medium Classification CVE-2018-6380 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities