CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2019-6263 – Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
https://notcve.org/view.php?id=CVE-2019-6263
16 Jan 2019 — An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. Las comprobaciones incorrectas de las opciones del filtrado de texto "Global Configuration" permitían Cross-Site Scripting (XSS) persistente. • https://packetstorm.news/files/id/151234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6262
https://notcve.org/view.php?id=CVE-2019-6262
16 Jan 2019 — An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. Las comprobaciones incorrectas de las opciones de la URL de ayuda "Global Configuration" permitían Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/106638 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6264
https://notcve.org/view.php?id=CVE-2019-6264
16 Jan 2019 — An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. El escapado incorrecto en mod_banners conduce a una vulnerabilidad de Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/106638 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17857
https://notcve.org/view.php?id=CVE-2018-17857
09 Oct 2018 — An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation. Se ha descubierto un problema en Joomla! en versiones anteriores a la 03/08/2013. • http://www.securityfocus.com/bid/105559 • CWE-863: Incorrect Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17856
https://notcve.org/view.php?id=CVE-2018-17856
09 Oct 2018 — An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution. Se ha descubierto un problema en Joomla! en versiones anteriores a la 3.8.13. com_joomlaupdate permite la ejecución de código arbitrario. • http://www.securityfocus.com/bid/105559 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17859
https://notcve.org/view.php?id=CVE-2018-17859
09 Oct 2018 — An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms. Se ha descubierto un problema en Joomla! en versiones anteriores a la 03/08/2013. • http://www.securityfocus.com/bid/105559 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17858
https://notcve.org/view.php?id=CVE-2018-17858
09 Oct 2018 — An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. Se ha descubierto un problema en Joomla! en versiones anteriores a la 3.8.13. Las acciones com_installer no tienen un bastionado CSRF suficiente en el backend. • http://www.securityfocus.com/bid/105559 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17855
https://notcve.org/view.php?id=CVE-2018-17855
09 Oct 2018 — An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself. Se ha descubierto un problema en Joomla! en versiones anteriores a la 03/08/2013. • http://www.securityfocus.com/bid/105559 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2018-12711
https://notcve.org/view.php?id=CVE-2018-12711
26 Jun 2018 — An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. Se ha descubierto un problema de Cross-Site Scripting (XSS) en el módulo language switcher en Joomla! • http://www.securityfocus.com/bid/104565 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12712
https://notcve.org/view.php?id=CVE-2018-12712
26 Jun 2018 — An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. Se ha descubierto un problema en Joomla! • http://www.securityfocus.com/bid/104566 • CWE-20: Improper Input Validation •