186 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

The wrapper extensions do not correctly validate inputs, leading to XSS vectors. El filtrado de contenido inadecuado genera vulnerabilidades XSS en varios componentes. • https://developer.joomla.org/security-centre/938-20240704-core-xss-in-wrapper-extensions.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information. El proceso de análisis de archivos de idioma podría manipularse para exponer variables de entorno. Las variables de entorno pueden contener información sensible. • https://developer.joomla.org/security-centre/919-20231101-core-exposure-of-environment-variables.html •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not. Se ha detectado un problema en Joomla! Versiones 2.5.0 hasta 3.10.6 y 4.0.0 hasta 4.1.0. • https://developer.joomla.org/security-centre/875-20220306-core-inadequate-validation-of-internal-urls.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection. Se ha detectado un problema en Joomla! versiones 3.0.0 hasta 3.10.6 y 4.0.0 hasta 4.1.0. • https://developer.joomla.org/security-centre/874-20220305-core-inadequate-filtering-on-the-selected-ids.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover. Se ha detectado un problema en Joomla! versiones 2.5.0 hasta 3.10.6 y 4.0.0 hasta 4.1.0. • https://developer.joomla.org/security-centre/872-20220303-core-user-row-are-not-bound-to-a-authentication-mechanism.html • CWE-287: Improper Authentication •