CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7742
https://notcve.org/view.php?id=CVE-2019-7742
An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. Una combinación de configuraciones específicas del servidor web, junto con tipos de archivo concretos y el rastreo de tipo MIME del lado del servidor, provoca un vector de ataque XSS. • https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 180EXPL: 0CVE-2017-11364
https://notcve.org/view.php?id=CVE-2017-11364
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. El instalador CMS en versiones anteriores a la 3.7.4 de Joomla! no verifica la propiedad de un usuario en un espacio web, lo que permite que usuarios remotos autenticados consigan control sobre la aplicación objetivo, haciendo uso de los logs del estándar Certificate Transparency. • http://www.securitytracker.com/id/1039015 https://developer.joomla.org/security-centre/700-20170704-core-installer-lack-of-ownership-verification.html https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Hanno-Boeck-Abusing-Certificate-Transparency-Logs.pdf https://twitter.com/hanno/status/890281330906247168 • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2012-6503
https://notcve.org/view.php?id=CVE-2012-6503
Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors. Vulnerabilidad no especificada en el componente NinjaXplorer anterior a v1.0.7 para Joomla! tiene un impacto desconocido y vectores de ataque. • http://ninjaforge.com/blog/318-security-vulnerability-discovered-in-ninjaxplorer-upgrade-immediately http://secunia.com/advisories/48958 http://www.osvdb.org/81630 http://www.securityfocus.com/bid/53256 https://exchange.xforce.ibmcloud.com/vulnerabilities/75161 •
CVSS: 4.3EPSS: 8%CPEs: 3EXPL: 3CVE-2011-0005 – Joomla! 1.0.x - 'ordering' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0005
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo com_search de Joomla! 1.0.x hasta la 1.0.15. Permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través del parámetro ordering de index.php. • https://www.exploit-db.com/exploits/35167 http://osvdb.org/70369 http://packetstormsecurity.org/files/view/97273/joomla1015-xss.txt http://www.securityfocus.com/archive/1/515553/100/0/threaded http://www.securityfocus.com/archive/1/515590/100/0/threaded http://www.securityfocus.com/bid/45679 http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.0.x~15%5D_cross_site_scripting https://exchange.xforce.ibmcloud.com/vulnerabilities/64539 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-1600 – Joomla! Component Media Mall Factory 1.0.4 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-1600
SQL injection vulnerability in the Media Mall Factory (com_mediamall) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. Vulnerabilidad de inyección SQL en el componente Media Mall Factory (com_mediamall) v1.0.4 para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro category a index.php. • https://www.exploit-db.com/exploits/12234 http://secunia.com/advisories/39546 http://www.exploit-db.com/exploits/12234 http://www.osvdb.org/63940 http://www.packetstormsecurity.com/1004-exploits/joomlamediamallfactory-bsql.txt http://www.securityfocus.com/bid/39488 http://www.thefactory.ro/shop/joomla-components/media-mall.html https://exchange.xforce.ibmcloud.com/vulnerabilities/57906 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •