
CVE-2024-27187 – [20240804] - Core - Improper ACL for backend profile view
https://notcve.org/view.php?id=CVE-2024-27187
20 Aug 2024 — Improper Access Controls allows backend users to overwrite their username when disallowed. • https://developer.joomla.org/security-centre/945-20240804-core-improper-acl-for-backend-profile-view.html • CWE-284: Improper Access Control •

CVE-2024-21729 – [20240701] - Core - XSS in accessible media selection field
https://notcve.org/view.php?id=CVE-2024-21729
09 Jul 2024 — Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. • https://developer.joomla.org/security-centre/935-20240701-core-xss-in-accessible-media-selection-field.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-21730 – [20240702] - Core - Self-XSS in fancyselect list field layout
https://notcve.org/view.php?id=CVE-2024-21730
09 Jul 2024 — The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. • https://developer.joomla.org/security-centre/936-20240702-core-self-xss-in-fancyselect-list-field-layout.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-26279 – [20240704] - Core - XSS in Wrapper extensions
https://notcve.org/view.php?id=CVE-2024-26279
09 Jul 2024 — The wrapper extensions do not correctly validate inputs, leading to XSS vectors. Inadequate content filtering leads to XSS vulnerabilities in several components. • https://developer.joomla.org/security-centre/938-20240704-core-xss-in-wrapper-extensions.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-26278 – [20240705] - Core - XSS in com_fields default field value
https://notcve.org/view.php?id=CVE-2024-26278
09 Jul 2024 — The Custom Fields component does not correctly filter inputs, leading to an XSS vector. • https://developer.joomla.org/security-centre/939-20240705-core-xss-in-com-fields-default-field-value.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-21731 – [20240703] - Core - XSS in StringHelper::truncate method
https://notcve.org/view.php?id=CVE-2024-21731
09 Jul 2024 — Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. • https://developer.joomla.org/security-centre/937-20240703-core-xss-in-stringhelper-truncate-method.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-32788 – WordPress FG Joomla to Wordpress plugin <= 4.20.2 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-32788
22 Apr 2024 — Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress. This issue affects FG Joomla to WordPress: from n/a through 4.20.2. The FG Joomla to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.20.2 via... • https://patchstack.com/database/vulnerability/fg-joomla-to-wordpress/wordpress-fg-joomla-to-wordpress-plugin-4-20-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2024-24837 – Cross-Site Request Forgery (CSRF) vulnerability in FG PrestaShop, FG Drupal and FG Joomla WordPress plugins
https://notcve.org/view.php?id=CVE-2024-24837
02 Feb 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress. This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0. • https://patchstack.com/database/vulnerability/fg-drupal-to-wp/wordpress-fg-drupal-to-wordpress-plugin-3-67-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-40626 – [20231101] - Core - Exposure of environment variables
https://notcve.org/view.php?id=CVE-2023-40626
29 Nov 2023 — The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information. • https://github.com/TLWebdesign/Joomla-3.10.12-languagehelper-hotfix •

CVE-2023-23754 – [20230501] - Core - Open Redirect and XSS within the mfa select
https://notcve.org/view.php?id=CVE-2023-23754
30 May 2023 — An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. • https://developer.joomla.org/security-centre/899-20230501-core-open-redirects-and-xss-within-the-mfa-selection.html • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •