CVE-2020-11891
https://notcve.org/view.php?id=CVE-2020-11891
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups. Se descubrió un problema en Joomla! versiones anteriores a la versión 3.9.17. • https://developer.joomla.org/security-centre/809-20200401-core-incorrect-access-control-in-com-users-access-level-editing-function.html •
CVE-2020-11889
https://notcve.org/view.php?id=CVE-2020-11889
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups. Se descubrió un problema en Joomla! versiones anteriores a la versión 3.9.17. • https://developer.joomla.org/security-centre/811-20200403-core-incorrect-access-control-in-com-users-access-level-deletion-function •
CVE-2020-11890
https://notcve.org/view.php?id=CVE-2020-11890
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration. Se descubrió un problema en Joomla! versiones anteriores a la versión 3.9.17. • https://github.com/HoangKien1020/CVE-2020-11890 https://developer.joomla.org/security-centre/810-20200402-core-missing-checks-for-the-root-usergroup-in-usergroup-table.html • CWE-20: Improper Input Validation •
CVE-2020-10243
https://notcve.org/view.php?id=CVE-2020-10243
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-10242
https://notcve.org/view.php?id=CVE-2020-10242
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •