21 results (0.016 seconds)

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

The wrapper extensions do not correctly validate inputs, leading to XSS vectors. El filtrado de contenido inadecuado genera vulnerabilidades XSS en varios componentes. • https://developer.joomla.org/security-centre/938-20240704-core-xss-in-wrapper-extensions.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

The Custom Fields component not correctly filter inputs, leading to a XSS vector. El componente Custom Fields no filtra correctamente las entradas, lo que genera un vector XSS. • https://developer.joomla.org/security-centre/939-20240705-core-xss-in-com-fields-default-field-value.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information. El proceso de análisis de archivos de idioma podría manipularse para exponer variables de entorno. Las variables de entorno pueden contener información sensible. • https://developer.joomla.org/security-centre/919-20231101-core-exposure-of-environment-variables.html •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. • https://developer.joomla.org/security-centre/899-20230501-core-open-redirects-and-xss-within-the-mfa-selection.html • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. • https://developer.joomla.org/security-centre/900-20230502-core-bruteforce-prevention-within-the-mfa-screen.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •