CVE-2018-7717

CVE: CVE-2018-7717
Published: 2018-03-05T23:29Z
Description Language: en
Description: The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended (SIGE) extension 3.2.3 for Joomla! has XSS via a crafted image header, as demonstrated by the Caption-Abstract header object in a JPEG file. This is fixed in 3.3.1.
References:
http://debugtrap.com/2018/03/01/joomla_sige_xss/