CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15697
https://notcve.org/view.php?id=CVE-2020-15697
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users. Se detectó un problema en Joomla! versiones hasta el 3.9.19. • https://developer.joomla.org/security-centre/821-20200704-core-variable-tampering-via-user-table-class.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15696
https://notcve.org/view.php?id=CVE-2020-15696
An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image. Se detectó un problema en Joomla! versiones hasta el 3.9.19. • https://developer.joomla.org/security-centre/822-20200705-core-escape-mod-random-image-link.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2020-13760
https://notcve.org/view.php?id=CVE-2020-13760
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF. En Joomla! versiones anteriores a 3.9.19, la falta de comprobaciones de token en com_postinstall conlleva a un ataque de tipo CSRF. • https://developer.joomla.org/security-centre/817-20200605-core-csrf-in-com-postinstall • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-13761
https://notcve.org/view.php?id=CVE-2020-13761
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS. En Joomla! versiones anteriores a 3.9.19, la falta de comprobación de entrada en la opción heading tag de los módulos "Articles - Newsflash" y "Articles - Categories" permite un ataque de tipo XSS. • https://developer.joomla.org/security-centre/813-20200601-core-xss-in-modules-heading-tag-option • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-13763
https://notcve.org/view.php?id=CVE-2020-13763
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. En Joomla! versiones anteriores a 3.9.19, los ajustes predeterminados de la configuración global textfilter no bloquea las entradas HTML para usuarios Invitados. • https://developer.joomla.org/security-centre/814-20200602-core-inconsistent-default-textfilter-settings • CWE-281: Improper Preservation of Permissions •