CVE-2020-8420
https://notcve.org/view.php?id=CVE-2020-8420
28 Jan 2020 — An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. • https://developer.joomla.org/security-centre/799-20200102-core-csrf-com-templates-less-compiler • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2011-3595
https://notcve.org/view.php?id=CVE-2011-3595
22 Jan 2020 — Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters. • http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4907
https://notcve.org/view.php?id=CVE-2011-4907
15 Jan 2020 — Joomla! 1.5x through 1.5.12: Missing JEXEC Check. • https://developer.joomla.org/security/news/301-20090722-core-file-upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2012-1563 – Joomla! < 2.5.2 - Admin Creation
https://notcve.org/view.php?id=CVE-2012-1563
15 Jan 2020 — Joomla! before 2.5.3 allows Admin Account Creation. • https://www.exploit-db.com/exploits/41156 • CWE-269: Improper Privilege Management
CVE-2012-1562
https://notcve.org/view.php?id=CVE-2012-1562
15 Jan 2020 — Joomla! core before 2.5.3 allows unauthorized password change. • http://www.openwall.com/lists/oss-security/2012/03/19/11 • CWE-330: Use of Insufficiently Random Values
CVE-2019-19846
https://notcve.org/view.php?id=CVE-2019-19846
18 Dec 2019 — In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. • https://developer.joomla.org/security-centre/797-20191202-core-various-sql-injections-through-configuration-parameters • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-19845
https://notcve.org/view.php?id=CVE-2019-19845
18 Dec 2019 — In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure. • https://developer.joomla.org/security-centre/796-20191201-core-path-disclosure-in-logger-class • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-18650
https://notcve.org/view.php?id=CVE-2019-18650
06 Nov 2019 — An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability. • https://developer.joomla.org/security-centre/794-20191001-core-csrf-in-com-template-overrides-view.html • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-18674
https://notcve.org/view.php?id=CVE-2019-18674
06 Nov 2019 — An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure. • https://developer.joomla.org/security-centre/795-20191002-core-path-disclosure-in-phpuft8-mapping-files.html • CWE-862: Missing Authorization
CVE-2019-16725
https://notcve.org/view.php?id=CVE-2019-16725
24 Sep 2019 — In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates. • https://developer.joomla.org/security-centre/791-20190901-core-xss-in-logo-parameter-of-default-templates.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')