CVE-2020-13763
https://notcve.org/view.php?id=CVE-2020-13763
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. En Joomla! versiones anteriores a 3.9.19, los ajustes predeterminados de la configuración global textfilter no bloquea las entradas HTML para usuarios Invitados. • https://developer.joomla.org/security-centre/814-20200602-core-inconsistent-default-textfilter-settings • CWE-281: Improper Preservation of Permissions •
CVE-2020-11889
https://notcve.org/view.php?id=CVE-2020-11889
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups. Se descubrió un problema en Joomla! versiones anteriores a la versión 3.9.17. • https://developer.joomla.org/security-centre/811-20200403-core-incorrect-access-control-in-com-users-access-level-deletion-function •
CVE-2020-11890
https://notcve.org/view.php?id=CVE-2020-11890
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration. Se descubrió un problema en Joomla! versiones anteriores a la versión 3.9.17. • https://github.com/HoangKien1020/CVE-2020-11890 https://developer.joomla.org/security-centre/810-20200402-core-missing-checks-for-the-root-usergroup-in-usergroup-table.html • CWE-20: Improper Input Validation •
CVE-2020-10243
https://notcve.org/view.php?id=CVE-2020-10243
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-10242
https://notcve.org/view.php?id=CVE-2020-10242
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •